Link to home
Start Free TrialLog in
Avatar of Christian Hans
Christian HansFlag for United States of America

asked on

AD Cleanup by EmployeeID

I have a list of EmployeeIDs in a CSV or TXT file.

Each employee has a unique EmployeeID.

I need some help/suggestions on running a script or command that can query the CSV and delete those AD accounts from AD.

any help would be greatly appreciated. Thank you all.
Avatar of Joshua Grantom
Joshua Grantom
Flag of United States of America image

Can you give a sample of the CSV? what are the column headers?
ASKER CERTIFIED SOLUTION
Avatar of Joshua Grantom
Joshua Grantom
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Christian Hans

ASKER

Hey Josh. Column headers are EmployeeID. I guess that it's a common AD attribute?
Yea it's a common attribute in AD, just wanted to make sure that the column in your csv is labeled the same. If it is, the above script should work well for you unless you want some type of reporting or on screen display.
Morning,

Josh, so I just tried running a sample CSV containing just a few test user EmployeeID's...
PowerShell shows no errors, but I don't see the test accounts deleted from AD. Even after removing the -WhatIf reference.

A sample of the CSV is:

Get-Content "C:\Output\EmployeesToDelete.csv"
EmployeeID
2984757
7048094
4289736


Running this:
Import-Module ActiveDirectory
$Employees = Import-CSV "C:\Output\EmployeesToDelete.csv"
ForEach ($Employee in $Employees)
{
Get-ADUser -LDAPFilter "(employeeID=$($Employee.EmployeeID))" | Remove-ADUser -confirm:$false
}


I don't know what to try next... any ideas?
Is it a true CSV or is it a txt file that is just renamed to CSV
Josh, never mind, false alarm. I apologize. It did work, it just didn't replicate as quickly as I'm used to... if I run it on the DC directly its instant.

Thank you for your help. Works great!
Awesome! Glad to help!
what you can do is specify the server you want to use so you can see the changes on your local DC

Import-Module ActiveDirectory

$Employees = Import-CSV "C:\EmployeesToDelete.csv"

ForEach ($Employee in $Employees)
{
Get-ADUser -LDAPFilter "(employeeID=$($Employee.EmployeeID))" -Server dc.company.com | Remove-ADUser -confirm:$false -Whatif
}

Open in new window

Hey Josh, I don't know if you still get these, thanks for the assistance... related to this question

What would the command be if I wanted to reference that same list of employees by EmployeeID (C:\EmployeesToDelete.csv), but instead of Remove-ADUser -confirm:$false  do a Move to a "Ready to Delete" OU first? Just so I can add one extra layer before deletions occur.

Import-Module ActiveDirectory
$Employees = Import-CSV "C:\EmployeesToDelete.csv"
ForEach ($Employee in $Employees)
{
Get-ADUser -LDAPFilter "(employeeID=$($Employee.EmployeeID))" -Server dc.company.com | Remove-ADUser -confirm:$false -Whatif
}
Instead of Remove-ADUser you can use

Move-ADObject -TargetPath "OU=Ready to Delete,DC=mycompany.com"

Just replace it right after the pipe and it should be good.