How to delete bulk user accounts from a .txt list with VBS/PS2.0/CMD, depending on whether their accounts are disabled?

  • Question

  • Hello Scripting Guys!

    In short:
    - I have a .txt list of sAMAccountNames that I need to delete from AD
    - Before deleting the account, I need to perform a check to see whether they are disabled. If they are disabled, delete them; if they aren't, do nothing.

    I don't have the Active Directory module and I cannot install it. The domain controllers are Windows Server 2003 and the management server runs Windows Server 2008 and has PowerShell v2.0 installed.

    I've previously used the following VBscript to disable bulk user accounts from a .TXT file:

    $date = get-date -format d
    $time = get-date -format t
    $month = get-date 
    $month1 = $month.month
    $year1 = $month.year

    $date = $date.ToString().Replace("/", "-")

    $time = $time.ToString().Replace(":", "-")
    $time = $time.ToString().Replace(" ", "")

    $log1 = ".\Logs" + "\" + "Accountdisabled_" + $date + "_.log"
    $log2 = ".\Logs" + "\" + "Accountalreadydisabled_" + $date +"_.log"

    If ((Get-PSSnapin | where {$_.Name -match "Quest.ActiveRoles.ADManagement"}) -eq $null)
    {
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    }

    $file = ".\tobedisabled.txt"

    get-content $file | foreach-object{

        $statusofuser = get-qaduser $_
        $userid = $statusofuser.Name

        if($statusofuser.AccountIsDisabled -like $false)
        {
            Write-host "$userid is not disabled so it will be disabled"
            Add-content $log1 "$userid is not disabled so it will be disabled"
            Disable-QADUser -Identity $userid
        }
        Else
        {
            Write-host "$userid is already disabled"
            Add-content $log2 "$userid is already disabled"
        }
    }


    Now, I was wondering if that could be adapted to instead delete users. I would change it like this:

    $date = get-date -format d
    $time = get-date -format t
    $month = get-date 
    $month1 = $month.month
    $year1 = $month.year

    $date = $date.ToString().Replace("/", "-")

    $time = $time.ToString().Replace(":", "-")
    $time = $time.ToString().Replace(" ", "")

    $log1 = ".\Logs" + "\" + "AccountDeleted_" + $date + "_.log"
    $log2 = ".\Logs" + "\" + "AccountNotDisabled_" + $date +"_.log"


    If ((Get-PSSnapin | where {$_.Name -match "Quest.ActiveRoles.ADManagement"}) -eq $null)
    {
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    }

    $file = ".\deleted.txt"

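    get-content $file | foreach-object{

        $statusofuser = get-qaduser $_

        # No matching account: skip it, otherwise it would fall through to the delete branch
        if($statusofuser -eq $null)
        {
            Write-host "$_ was not found so nothing will be deleted"
            Add-content $log2 "$_ was not found so nothing will be deleted"
            return
        }

        $userid = $statusofuser.Name

        if($statusofuser.AccountIsDisabled -like $false)
        {
            # Account is still enabled: log it to the not-disabled log and leave it alone
            Write-host "$userid is not disabled so it will not be deleted"
            Add-content $log2 "$userid is not disabled so it will not be deleted"
        }
        Else
        {
            # Account is disabled: delete it first, then record the deletion
            Remove-QADUser -Identity $userid
            Write-host "$userid was deleted"
            Add-content $log1 "$userid was deleted"
        }
    }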


    I don't know how to adapt the following code block:

    if($statusofuser.AccountIsDisabled -like $false) - if this evaluates to true, I need to pass the respective user and not delete it.

    Also, will Remove-QADUser -Identity $userid work? I don't have a test environment and I can't create a dummy user to test the script against.


    • Edited by ThaNa70s Tuesday, September 6, 2016 6:28 AM
    Tuesday, September 6, 2016 6:23 AM
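
The check-then-delete asked about above, as an added example that is not part of the original post or of any reply. It assumes no AD module or snap-in is available, reads the disabled flag from `userAccountControl` through `[adsisearcher]`, and defaults to a dry run; the file names, `$DryRun` and the two helper functions are assumptions.

```powershell
# Added example (not from the original post). Assumed names: deleted.txt, .\Logs, $DryRun.
# PowerShell 2.0 compatible: uses the [adsisearcher] accelerator only, no AD module or snap-in.
$DryRun  = $true                      # set to $false only after reviewing the dry-run log
$file    = ".\deleted.txt"            # one sAMAccountName per line
$logDir  = ".\Logs"
$log     = Join-Path $logDir ("DeleteDisabled_" + (Get-Date -Format "yyyy-MM-dd") + ".log")
$ACCOUNTDISABLE = 0x2                 # userAccountControl bit for a disabled account

if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir | Out-Null }

function Escape-LdapFilterValue([string]$value) {
    # RFC 4515 escaping so a line in the input file cannot alter the search filter.
    # The backslash must be escaped first.
    $value = $value.Replace('\', '\5c').Replace('*', '\2a')
    $value = $value.Replace('(', '\28').Replace(')', '\29')
    return $value.Replace([string][char]0, '\00')
}

function Write-Log([string]$message) {
    $line = (Get-Date -Format s) + " " + $message
    Write-Host $line
    Add-Content -Path $log -Value $line
}

Get-Content $file | Where-Object { $_.Trim() -ne "" } | ForEach-Object {
    $name = $_.Trim()
    $searcher = [adsisearcher]("(&(objectCategory=person)(objectClass=user)(sAMAccountName=" +
                               (Escape-LdapFilterValue $name) + "))")
    [void]$searcher.PropertiesToLoad.Add("userAccountControl")
    $found = @($searcher.FindAll())

    # Act only on exactly one match: a missing or ambiguous name is never deleted.
    if ($found.Count -ne 1) {
        Write-Log "SKIP $name : $($found.Count) matching accounts"
        return                         # inside ForEach-Object this moves on to the next line
    }

    $uac = [int]$found[0].Properties["useraccountcontrol"][0]
    if (($uac -band $ACCOUNTDISABLE) -eq 0) {
        Write-Log "SKIP $name : account is enabled"
    } elseif ($DryRun) {
        Write-Log "DRYRUN $name : disabled, would be deleted ($($found[0].Path))"
    } else {
        $found[0].GetDirectoryEntry().psbase.DeleteTree()
        Write-Log "DELETED $name : $($found[0].Path)"
    }
}
```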

Answers

All replies