SCCM User Records - Delete AD users that do not exist anymore RRS feed

  • General discussion

  • Hi guys, have an issue where Forefront Identity Manager has created duplicates of all our Active Directory user objects. These have since been deleted from Active Directory but not from SCCM. I have a list of all the SAM accounts which were created (700 odd) and want to specifically remove these. Am I best to complete a run once of run the "Delete Aged Discovery Data" - delete data older than (days): 1 as a once off then run discovery again?

    Or alternatively use an SCCM Powershell module to remove the specific records from the database?



    • Edited by nickm34 Thursday, August 9, 2012 1:24 AM Title Change
    Thursday, August 9, 2012 1:00 AM

All replies

  • You can jsut remove them from the database. They will be rediscovered next time you run the AD user discovery process. Do you have any user collections with direct members?

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund

    Thursday, August 9, 2012 5:50 AM
  • Nope, all security group membership on my collections. What about user device affinity information, will this still be retained (using SCCM 2012 RTM) if we delete all users?

    Really only want to delete the user objects which got created by accident via Forefront Indenity Managment and not touch users that still exist in Active Directory. But must be a better way that deleting out manually (I have a CSV list of all the accidently created users)

    With the "Delete Aged Discovery Data" maintenance task what marks data as "old" as there is an option to delete data older than specified number of days (default is 90 days). Does this mean objects which were initially discovered by the "SMS_AD_USER_DISCOVERY_AGENT" and then this agent is no longer able to find these AD objects?

    ...Or is this determining of "old" data based on something like the "Agent Time" (in the properties of the user)


    Friday, August 10, 2012 1:13 AM