  1. #1


    Remove AD users and home drives

    Hello,

    Does anyone know if it is possible to delete Active Directory users and their home drive? We have a lot of students who have left and want to easily delete the accounts and home directories through a batch script.

    All the users to be deleted are in one OU if that helps?

    Thank you,
    William

  2. #2
    old_n07's Avatar
    Not had a chance to test it, but this should suffice. You will need to edit the OU paths to match your AD structure, and the servers in the remote connections if you are running remotely.

    Code:
    $log = "c:\logs\delete.txt" #change location as necessary
    $error.Clear()
    $startupVariables =""
    
    new-variable -force -name startupVariables -value ( Get-Variable | % { $_.Name } ) #gets initial variables present before script is run
    
    function Cleanup-Variables { Get-Variable |  Where-Object { $startupVariables -notcontains $_.Name } | % { Remove-Variable -Name "$($_.Name)" -Force -Scope "global" }}
    
    function RemoteConnections{
                                Get-PSSession | Remove-PSSession #clear up old remote sessions
    
                                #email session
                                $script:Sessemail = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://email.yourdomain.ac.uk/PowerShell/ -Authentication Kerberos
                                Import-PSSession $Sessemail
    
    
                                #AD Session
                                $script:SessDC02 = New-PSSession  -computername DC.yourdomain.ac.uk -Authentication Kerberos
                                Import-Module ActiveDirectory
    
                                cls
    }
    
    RemoteConnections
    
    $users = Search-ADAccount -searchbase "OU=Delete users,DC=YourDomain,DC=AC,DC=UK" | ForEach-Object {get-aduser $_.samaccountname -Properties * | select samaccountname, HomeDirectory, profilepath}
    
    $users | ForEach-Object {  $_.samaccountname | Out-File $log -Append ## append so earlier entries are not overwritten
                                
                                remove-item $_.homeDirectory -recurse -force ## delete home directory from server                           
                                
                                remove-item $_.profilepath -recurse -force ## delete profile folder from server, rem out if not needed                            
                                
                                Disable-Mailbox -Identity $_.samaccountname -Confirm:$false ## delete mailbox, rem out if not needed                            
                                
                                Remove-ADUser -Identity $_.samaccountname -Confirm:$false ## delete user account from AD
    
                             }
                             
    Get-PSSession | Remove-PSSession
    cleanup-variables
    HTH

  3. #3

    Not having much luck getting this to work. Keeps throwing up errors of "Parameter set cannot be resolved using the specified named parameters" for Search-ADAccount.

    Set the domain and running the script as a domain admin.

    Thank you,
    William

  4. #4
    old_n07's Avatar
    Are you running this directly on a DC?

    If you are then you only need this bit of code below,

    You need to edit the text in red to reflect the OU structure in your active directory to where the accounts are located.

    If you don't have profile directories then you can delete the line in blue.

    Code:
    $users = Search-ADAccount -searchbase "OU=Delete users,DC=YourDomain,DC=AC,DC=UK" | ForEach-Object {get-aduser $_.samaccountname -Properties * | select samaccountname, HomeDirectory, profilepath}
    
    $users | ForEach-Object {  $_.samaccountname | Out-File $log                         
                                
                                remove-item $_.homeDirectory -recurse -force ## delete home directory from server                           
                                
                                remove-item $_.profilepath -recurse -force ## delete profile folder from server, delete line if not needed                             
                                
                                Remove-ADUser -Identity $_.samaccountname -Confirm:$false ## delete user account from AD

  5. #5
    jaminben's Avatar
    You're missing a curly brace at the end.... } and you would also need to remove or specify your Out-File

    Nice piece of code though

    Code:
    $users = Search-ADAccount -searchbase "OU=Delete users,DC=YourDomain,DC=AC,DC=UK" | ForEach-Object {get-aduser $_.samaccountname -Properties * | select samaccountname, HomeDirectory, profilepath}
    
    
    $users | ForEach-Object {                 
                                
                                remove-item $_.homeDirectory -recurse -force ## delete home directory from server                           
                                
                                remove-item $_.profilepath -recurse -force ## delete profile folder from server, delete line if not needed                             
                                
                                Remove-ADUser -Identity $_.samaccountname -Confirm:$false ## delete user account from AD
    }

    EDIT

    I couldn't actually get the above to work correctly so changed it around a bit... I've added some on-screen logging so you can see what it's going to do first, then you can try it at your own risk (I've not tested it fully).

    Code:
    $users = Get-ADUser -Filter "*" -SearchBase "OU=SomeOU,OU=SomeOtherOU,DC=jaminben,DC=local" -Properties samaccountname, HomeDirectory, profilepath
    
    
    $users | ForEach-Object {
      
            #delete user account from AD
            #Remove-ADUser -Identity $_.samaccountname -Confirm:$false   <---  Uncomment if needed
            Write-Host 'SamAccountName: '$_.samaccountname
                                
            #delete home directory from server
            #remove-item $_.homeDirectory -recurse -force   <---   Uncomment if needed
            Write-Host 'Home Directory: '$_.homeDirectory
                                
            #delete profile folder from server, delete line if not needed
            #remove-item $_.profilepath -recurse -force   <---  Uncomment if needed
            Write-Host 'Profile Path: '$_.profilepath `n
    
    }
    
    
    Write-Host `n`n'Press any key to close...'
    
    
    $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    Last edited by jaminben; 7th October 2013 at 07:21 PM.

  6. #6
    old_n07's Avatar
    It appears that Search-ADAccount has some issues in PS 3 now in that it needs another parameter to work; if you disable the accounts to be deleted (if they aren't already) then this will work:

    Code:
    $users = Search-ADAccount -AccountDisabled -searchbase "OU=Delete users,DC=YourDomain,DC=AC,DC=UK" | ForEach-Object {get-aduser $_.samaccountname -Properties * | select samaccountname, HomeDirectory, profilepath}
    It's a handy line anyway for searching for disabled accounts in the organisation; Search-ADAccount can find locked, disabled, expired or expiring accounts among other things.

    As you said Get-ADUser works just as well in this case though
    Last edited by old_n07; 8th October 2013 at 07:50 AM.
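
Added example (not written by any poster in this thread): a dry-run-capable variant of the scripts above that refuses to recursively delete a HomeDirectory or ProfilePath value that is empty or not strictly below an expected share root, and removes the AD account only when folder cleanup did not fail. The share roots, log path and the helper names `Write-Log` and `Test-SafeToDelete` are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed placeholders: replace with your own OU, share roots and log file.
    [string]$SearchBase     = 'OU=Delete users,DC=YourDomain,DC=AC,DC=UK',
    [string[]]$AllowedRoots = @('\\fileserver\home$', '\\fileserver\profiles$'),
    [string]$LogPath        = 'C:\logs\delete.txt'
)

function Write-Log {
    param([string]$Message)
    # -WhatIf:$false keeps the audit log working during a dry run.
    Add-Content -Path $LogPath -Value "$(Get-Date -Format s) $Message" -WhatIf:$false
}

function Test-SafeToDelete {
    param([string]$Path, [string[]]$Roots)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    try   { $full = [System.IO.Path]::GetFullPath($Path).TrimEnd('\') }  # collapses ..\ segments
    catch { return $false }
    foreach ($root in $Roots) {
        $r = $root.TrimEnd('\')
        # Must be strictly below an allowed root, never the root itself.
        if ($full.StartsWith("$r\", [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties HomeDirectory, ProfilePath

foreach ($u in $users) {
    $failed = $false
    foreach ($path in @($u.HomeDirectory, $u.ProfilePath)) {
        if ([string]::IsNullOrWhiteSpace($path)) { continue }   # attribute not set
        if (-not (Test-SafeToDelete -Path $path -Roots $AllowedRoots)) {
            Write-Log "SKIP $($u.SamAccountName): unexpected path '$path'"
            $failed = $true; continue
        }
        if ((Test-Path -LiteralPath $path) -and $PSCmdlet.ShouldProcess($path, 'Remove folder')) {
            try   { Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
                    Write-Log "REMOVED folder '$path'" }
            catch { Write-Log "ERROR $($u.SamAccountName): $_"; $failed = $true }
        }
    }
    # Keep the account if any folder was skipped or failed, so it can be reviewed by hand.
    if (-not $failed -and $PSCmdlet.ShouldProcess($u.SamAccountName, 'Remove AD user')) {
        Remove-ADUser -Identity $u.DistinguishedName -Confirm:$false
        Write-Log "REMOVED account $($u.SamAccountName)"
    }
}
```

Saved as a `.ps1` file and run with `-WhatIf`, it lists every folder and account it would remove without changing anything; the log then shows which accounts were skipped because their paths fell outside the allowed roots.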
