Cannot bulk delete old AD user objects due to insufficient privileges on subcontainers.

  • Question

  • I use the below script to bulk remove users in AD


    import-module activedirectory
    $users = import-csv -Path "C:\delusers.csv"
    $usernames = $users | select samaccountname
    foreach ($username in $usernames) {
         $($username.samaccountname) | Remove-ADUser -Confirm:$false
    }

    I am getting a lot of error messages like this due to insufficient privileges.

    Remove-ADUser : Cannot find an object with identity: 'JDoe' under: 'DC=mydomain,DC=com'.
    At line:5 char:36
    +      $($username.samaccountname) | Remove-ADUser -Confirm:$false
    +                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (JDoe:ADUser) [Remove-ADUser], ADIdentityNotFoundException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.RemoveADUser

    I use ADSIEDIT and navigate to the account and grant myself rights to the Exchangeactivesyncdevice folder and delete the object.

    Is there anything in my script I could modify to do this automatically?

    I am trying this script.  If I want to test this against an OU which contains disabled user accounts, should I replace the second line from $OUDomain=" " to $OUDomain="distinguished name of the OU"?

    If everything works, I replace it with $OUDomain="mydomain.com".

    Please advise again.  

    #Variables
    $FilePath = "C:\Scripts\ActiveSync\removed-eas-students.csv"
    $OuDomain = " "

    $EASDevices = Get-Mailbox -resultsize unlimited -OrganizationalUnit $OuDomain | `
    Where-Object {$_.ExchangeUserAccountControl -match 'AccountDisabled'}

    ForEach($mailbox in $EASDevices) {
          Get-ActiveSyncDevice -Mailbox $mailbox.Identity |`
          Remove-ActiveSyncDevice -Confirm:$True
    }

    $EASDevices | Select-Object DisplayName , Alias | Export-Csv $FilePath -NoTypeInformation

    Monday, October 21, 2019 2:04 PM

All replies

  • Do those users still have an Exchange mailbox? Try using "Remove-Mailbox" instead of dealing directly with the AD object. That should delete the mailbox and the AD user object. There are usually good reasons for using the application-specific cmdlets!

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Monday, October 21, 2019 5:48 PM
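
One way to apply the reply above to the CSV from the question, as an added example that is not code from the thread: accounts that still have a mailbox go through Remove-Mailbox, the rest through Remove-ADUser. It assumes an Exchange Management Shell session with the ActiveDirectory module loaded; `$DryRun` and `$results` are hypothetical names.

```powershell
# Added example, not from the thread. Assumes the Exchange Management Shell
# (or a remote Exchange session) with the ActiveDirectory module available.
Import-Module ActiveDirectory

$CsvPath = 'C:\delusers.csv'   # path from the question; needs a samaccountname column
$DryRun  = $true               # hypothetical switch: keep $true until the -WhatIf output looks right

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $sam    = $row.samaccountname
    $action = 'NotFound'
    $err    = $null
    try {
        # Resolve the account first so a missing object is recorded instead of thrown.
        # Single quotes are doubled so a name such as O'Neil cannot break the filter.
        $safe   = $sam.Replace("'", "''")
        $adUser = Get-ADUser -Filter "SamAccountName -eq '$safe'"
        if ($adUser) {
            $dn      = $adUser.DistinguishedName
            $mailbox = Get-Mailbox -Identity $dn -ErrorAction SilentlyContinue
            if ($mailbox) {
                # Mailbox-enabled: let Exchange remove the mailbox and the user object.
                Remove-Mailbox -Identity $dn -Confirm:$false -WhatIf:$DryRun -ErrorAction Stop
                $action = 'Remove-Mailbox'
            }
            else {
                # No mailbox: plain AD deletion is enough.
                Remove-ADUser -Identity $dn -Confirm:$false -WhatIf:$DryRun -ErrorAction Stop
                $action = 'Remove-ADUser'
            }
        }
    }
    catch {
        $action = 'Failed'
        $err    = $_.Exception.Message
    }
    # One record per CSV row, so failures can be reviewed after the run.
    [pscustomobject]@{
        SamAccountName = $sam
        Action         = $action
        DryRun         = $DryRun
        Error          = $err
    }
}

$results | Format-Table -AutoSize
```

With `$DryRun` set to `$true` both removal cmdlets only report what they would do; rows marked `NotFound` or `Failed` are the ones to investigate before a real run.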
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If not, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Friday, November 8, 2019 1:28 PM
    Moderator