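# Deletes the computer accounts named in remove.txt (one name per line) from
# Active Directory. Each account is first removed from every group listed in
# its memberOf attribute, then deleted from its parent container.
#
# The script does not check that an account is inactive and does not prompt:
# every name in remove.txt that resolves to a computer object is deleted.
$ds = New-Object DirectoryServices.DirectorySearcher
$names = Get-Content remove.txt
"------------------------------"
foreach ( $account in $names ) {
    # Skip blank lines; an empty name would produce an invalid "(name=)" filter.
    if ($null -eq $account -or $account.Trim() -eq '') { continue }
    $account = $account.Trim()
    $account

    # Escape LDAP filter metacharacters (RFC 4515) so a line in remove.txt is
    # always matched literally. Without this, an entry such as "*" or "PC*"
    # acts as a wildcard and FindOne() returns some other machine, which the
    # rest of the loop would then delete. Backslash must be escaped first.
    $safeName = $account.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
    $ds.Filter = "(&(objectCategory=computer)(objectClass=user)(name=$safeName))"
    $dn = $ds.FindOne()
    if ($dn) {
        $user = [ADSI]$dn.Path

        # Remove the computer from its groups. The member is identified by the
        # ADsPath the search returned.
        " Removed from groups:"
        foreach ($group in @($user.memberOf)) {
            try {
                $groupDE = [ADSI]"LDAP://$group"
                $groupDE.Remove($dn.Path)
                # Print the group's DN; concatenating the DirectoryEntry itself
                # would only print its type name.
                " " + $group
            }
            catch {
                " FAILED to remove from " + $group + ": " + $_.Exception.Message
            }
        }

        # Remove the computer account. The RDN and the parent container come
        # from the bound entry rather than from regex edits of the DN, so a
        # name containing regex metacharacters cannot change which container
        # or child object is addressed.
        $rdn = $user.psbase.Name
        $ou = $user.psbase.Parent
        $usr = ($rdn -replace '^CN=', '').ToLower()
        try {
            $ou.Delete("computer", $rdn)
            # Report success only after the delete call has returned.
            $usr + " removed from AD"
        }
        catch {
            $usr + " NOT removed from AD: " + $_.Exception.Message
        }
    }#if
    "------------------------------"
}#foreach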
3/27/2011
Powershell: Remove inactive accounts
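For every machine account listed in a file (remove.txt, one name per line), remove the account from all of its groups and then delete the account itself. The script deletes without asking for confirmation, so the list should be checked before it is run.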