Cannot bulk delete old AD user objects due to insufficient privileges on subcontainers.

  • Question

  • I use the below script to bulk remove users in AD

    import-module activedirectory
    $users = import-csv -Path "C:\delusers.csv"
    $usernames = $users | select samaccountname
    foreach ($username in $usernames) {
         $($username.samaccountname) | Remove-ADUser -Confirm:$false
    }

    I am getting a lot of error messages like this due to insufficient privileges.

    Remove-ADUser : Cannot find an object with identity: 'JDoe' under: 'DC=mydomain,DC=com'.
    At line:5 char:36
    +      $($username.samaccountname) | Remove-ADUser -Confirm:$false
    +                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (JDoe:ADUser) [Remove-ADUser], ADIdentityNotFoundException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.RemoveADUser

    I use ADSIEDIT and navigate to the account and grant myself rights to the Exchangeactivesyncdevice folder and delete the object.

    Is there anything in my script I could modify to do this automatically?

    I am trying this script.  If I want to test this against an OU which contains disabled user accounts, should I replace the second line from $OUDomain=" " to $OUDomain="distinguished name of the OU"?

    If everything works, I replace it with $OUDomain="".

    Please advise again.  

    $FilePath = "C:\Scripts\ActiveSync\removed-eas-students.csv"
    $OuDomain = " "

    $EASDevices = Get-Mailbox -resultsize unlimited -OrganizationalUnit $OuDomain | `
    Where-Object {$_.ExchangeUserAccountControl -match 'AccountDisabled'}

    ForEach($mailbox in $EASDevices) {
          # Remove each ActiveSync device of the disabled mailbox (prompts for every device)
          Get-ActiveSyncDevice -Mailbox $mailbox.Identity |`
          Remove-ActiveSyncDevice -Confirm:$True
    }

    $EASDevices | Select-Object DisplayName , Alias | Export-Csv $FilePath -NoTypeInformation

    22/Safar/1441 02:04 PM

All replies

  • Do those users still have an Exchange mailbox? Try using "Remove-Mailbox" instead of dealing directly with the AD object. That should delete the mailbox and the AD user object. There are usually good reasons for using the application-specific cmdlets!

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    22/Safar/1441 05:48 PM
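
A pre-flight pass that applies the suggestion above, as an added example that is not part of the original thread: it classifies each name in the CSV (not found, mailbox-enabled, leaf user, or user with child objects) and only dry-runs the matching removal, so nobody has to grant themselves rights on subcontainers in ADSIEdit. The error quoted in the question is an `ADIdentityNotFoundException`, so the report keeps "not found" separate from the other cases. Assumptions: the ActiveDirectory module and an Exchange Management Shell session are loaded; the report path and the `$dryRun` variable are hypothetical.

```powershell
# Added example, not the asker's or the answerer's code.
Import-Module ActiveDirectory

$dryRun     = $true                                   # hypothetical switch: set to $false to really delete
$reportPath = 'C:\Scripts\deluser-preflight.csv'      # hypothetical output path

$report = foreach ($row in Import-Csv -Path 'C:\delusers.csv') {
    $sam = $row.samaccountname

    # A single-quoted filter lets the AD module resolve $sam itself, and a
    # filter search returns nothing instead of throwing when no user matches.
    $user = Get-ADUser -Filter 'SamAccountName -eq $sam'
    if (-not $user) {
        [pscustomobject]@{ SamAccountName = $sam; Action = 'NotFound'; Children = '' }
        continue
    }

    # Direct child objects of the user (for example an ActiveSync device
    # container) are what the asker was unlocking by hand in ADSIEdit.
    $children = @(Get-ADObject -SearchBase $user.DistinguishedName -SearchScope OneLevel -Filter *)
    $mailbox  = Get-Mailbox -Identity $user.DistinguishedName -ErrorAction SilentlyContinue

    if ($mailbox) {
        # Mailbox-enabled: use the Exchange cmdlet, as the answer recommends.
        Remove-Mailbox -Identity $mailbox.Identity -Confirm:$false -WhatIf:$dryRun
        $action = 'Remove-Mailbox'
    }
    elseif ($children.Count -eq 0) {
        # Plain leaf user with no mailbox: the original cmdlet is enough.
        Remove-ADUser -Identity $user -Confirm:$false -WhatIf:$dryRun
        $action = 'Remove-ADUser'
    }
    else {
        # No mailbox but leftover child objects: leave for manual review
        # rather than changing permissions or deleting a subtree in bulk.
        $action = 'ManualReview'
    }

    [pscustomobject]@{
        SamAccountName = $sam
        Action         = $action
        Children       = ($children.Name -join ';')
    }
}

$report | Export-Csv -Path $reportPath -NoTypeInformation
$report | Group-Object Action | Select-Object Name, Count
```

With `$dryRun` left at `$true` nothing is deleted; the CSV and the grouped summary show what each account would need.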
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If not, please reply and tell us the current situation in order to provide further help.

    Best Regards,



    11/Rabi' al-awwal/1441 01:28 PM