smyers051972
asked on
VBScript Active Directory Bulk Delete Issue
Morning,
I have this script I will enter below that is set to read from a .CSV file and delete all users within it. This was done because I am in an environment where the previous admin did not clean up AD.
When I move to delete them via the script a significant amount of users are kicking out an error referencing a leaf object as will be attached below.
Upon further research, it appears that there are "ExchangeActiveSyncDevices " child objects attached to them and further complicating things, it would appear that some or most of these users were protected from accidental deletion! We have exchange 2010 in the environment with server 2008 R2 DC's.
The script below works very well but I am looking for a tweak that will delete the user and its objects regardless of being protected from accidental deletion or not. I have vetted the list of users in the CSV file carefully so I am aware of the issues surrounding this and also do know that the objects are merely the Exchange objects above and should cause no impact to exchange.
Thanks!
userdel.png
userdel.vbs
I have this script I will enter below that is set to read from a .CSV file and delete all users within it. This was done because I am in an environment where the previous admin did not clean up AD.
When I move to delete them via the script a significant amount of users are kicking out an error referencing a leaf object as will be attached below.
Upon further research, it appears that there are "ExchangeActiveSyncDevices
The script below works very well but I am looking for a tweak that will delete the user and its objects regardless of being protected from accidental deletion or not. I have vetted the list of users in the CSV file carefully so I am aware of the issues surrounding this and also do know that the objects are merely the Exchange objects above and should cause no impact to exchange.
Thanks!
userdel.png
userdel.vbs
ASKER
Im reviewing it and looks nice except I am trying to delete users in the spreadsheet, not move to disabled OU.
It removes the user as well. Try GUI one.
http://gallery.technet.microsoft.com/Z-Term-Active-Directory-2dcb5756
Test in a test lab first. As far as i know from my 14 years for exp, first you disable the user move to some other OU, keep it for some time, if no one reports issue, then delete it.
Also i suggest you to enable 2008 recycle bin option, it will give you easy option to restore, in case you delete wrong user.
http://gallery.technet.microsoft.com/Z-Term-Active-Directory-2dcb5756
Test in a test lab first. As far as i know from my 14 years for exp, first you disable the user move to some other OU, keep it for some time, if no one reports issue, then delete it.
Also i suggest you to enable 2008 recycle bin option, it will give you easy option to restore, in case you delete wrong user.
ASKER
The GUI version only seems to allow 1 user at a time, I have a list of like 100+ users to delete, I dumped them all into a CSV file.
ASKER
I just think before a tangent is explored its probably going to be easier for me at least to stick to the original plan :)
Script mod!
Script mod!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok one sec ill try it now!
ASKER
Had to add the AD module into it but here is the output I got:
Remove-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and
try the command again.
At C:\userdel\userdel.ps1:3 char:24
+ remove-aduser -identity <<<< $_.SamAccountName -confirm:$false }
+ CategoryInfo : InvalidData: (:) [Remove-ADUser], ParameterBindingValidation Exception
+ FullyQualifiedErrorId : ParameterArgumentValidatio nError,Mic rosoft.Act iveDirecto ry.Managem ent.Comman ds.RemoveA DU
ser
Remove-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and
try the command again.
At C:\userdel\userdel.ps1:3 char:24
+ remove-aduser -identity <<<< $_.SamAccountName -confirm:$false }
+ CategoryInfo : InvalidData: (:) [Remove-ADUser], ParameterBindingValidation
+ FullyQualifiedErrorId : ParameterArgumentValidatio
ser
ASKER
Ran the script like this:
.\userdel.ps1
Script:
Import-Module ActiveDirectory
Import-Csv .\delete.txt | foreach-object {
remove-aduser -identity $_.SamAccountName -confirm:$false }
.\userdel.ps1
Script:
Import-Module ActiveDirectory
Import-Csv .\delete.txt | foreach-object {
remove-aduser -identity $_.SamAccountName -confirm:$false }
ASKER
What I am wondering is... The .TXT file I am using the following format:
user1
user2
user3
user4
user5
Each line has a CRLF, should this be read differently? Or is this the correct format for the text file?
user1
user2
user3
user4
user5
Each line has a CRLF, should this be read differently? Or is this the correct format for the text file?
what does you input file contains? use only samname
ASKER
those are the id's you would type into windows logon as a user so this should be the same as the samname field?
ASKER
the script i wrote to pull the users pulled the SAM field. Just checked.
ASKER
any updates?
ASKER
This was the correct answer but found out my text file didnt have a header which was why it failed, the revised code looked like this:
gc .\delete.txt | foreach-object {
remove-aduser -identity $_ -confirm:$false}
The answer given above was right though PS was the best option.
gc .\delete.txt | foreach-object {
remove-aduser -identity $_ -confirm:$false}
The answer given above was right though PS was the best option.
http://technet.microsoft.com/en-us/library/ee617206.aspx
If you need more help check this
http://gallery.technet.microsoft.com/scriptcenter/83691ca6-c564-4e45-8d44-04a08dfa90c0