Get-ADuser | Remove-ADUser not deleting users


This topic contains 7 replies, has 2 voices, and was last updated by Participant 7 months, 4 weeks ago.

  • #96552

    Participant
    Points: 0
    Rank: Member

    Good morning!
    Attempting to delete AD accounts via the following script:

    foreach ($user in Get-Content d:\powershell_temp\svcfwsqlstg_accounts_bad.out) {
      Get-ADUser -Filter {Name -eq "$user"} -SearchBase "OU=ServiceAccts,DC=cheri,DC=org" | Remove-ADUser
      "Removing $user" | Out-File -FilePath d:\powershell_temp\remove_invalid_sql_svc_accts.txt -Append
    }

    I run the script but the accounts do not delete.

    Here are the contents of the file:
    svcSQLStg400Agent
    svcSQLStg400DBEng
    svcSQLStg400Int
    svcSQLStg450Agent
    svcSQLStg450DBENg
    svcSQLStg450SSRS
    svcSQLStg450SSRSAgent
    svcSQLStg450SSRSEng

    Thank you in advance

    Norm

  • #96554

    Keymaster
    Points: 1,619
    Helping Hand, Team Member
    Rank: Community Hero

    I'd start by just running the Get-ADUser part. Is it returning users? Because if that's not working, then the Remove won't work, either.

    For example, "Get-ADUser -Filter {Name -eq "$user"}" seems odd to me. I'm wondering why you wouldn't just use "Get-ADUser -Identity $user" instead.

  • #96567

    Participant
    Points: 0
    Rank: Member

    Hello Don;
    Thank you for your response. Perhaps I'm not following you; here is what I get:
    $list = Get-Content d:\powershell_temp\svcfwsqlstg_accounts_bad.out
    echo $list
    svcFWSQLStg400Agent
    svcFWSQLStg400DBEng
    svcFWSQLStg400Int
    svcFWSQLStg450Agent
    svcFWSQLStg450DBENg
    svcFWSQLStg450SSRS
    svcFWSQLStg450SSRSAgent
    svcFWSQLStg450SSRSEng

    Get-Aduser -Identity $list
    Get-ADUser : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADUser' required by parameter 'Identity'. Specified
    method is not supported.
    At line:1 char:22
    + Get-Aduser -Identity $list
    + ~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Thanks for the help
    Norm

  • #96569

    Keymaster
    Points: 1,619
    Helping Hand, Team Member
    Rank: Community Hero

    Sure, but that's not what I suggested :). You gave -Identity an array. So, just re-using your original code:

    foreach ($user in (get-content d:\powershell_temp\svcfwsqlstg_accounts_bad.out)) {
      Get-ADUser -Identity $user
    }
    

    Is what I was asking.

  • #96570

    Participant
    Points: 0
    Rank: Member

    Hello Don;
    Had a senior moment, forgot the foreach loop. Still having a small, shall we say, opportunity: Get-Aduser : Cannot find an object with identity: 'svcFWSQLStg450SSRSAgent' under: 'DC=cheri,DC=org'. This svc account is in AD, double-checked.

    Norm

  • #96576

    Participant
    Points: 0
    Rank: Member

    Hello Don;

    Please note the following: I do not understand why Get-ADUser does not work for svcFWSQLStg450SSRSAgent. It does work when I do the following: Get-ADUser -Filter {Name -eq 'svcFWSQLStg450SSRSAgent' } -SearchBase "OU=ServiceAccts,DC=cheri,DC=org". This is why I was trying to use Remove-ADUser -Filter {Name -eq "$user"} -SearchBase "OU=ServiceAccts,DC=wvus,DC=org". Didn't seem I had any other options.

    Here is the output:

    $ foreach ($user in (get-content d:\powershell_temp\svcfwsqlstg_accounts_bad.out )) {
    Get-Aduser -Identity $user -Properties DistinguishedName | Select-Object -ExpandProperty DistinguishedName
    #"Removing $user"
    }
    CN=svcFWSQLStg400Agent,OU=ServiceAccts,DC=cheri,DC=org
    CN=svcFWSQLStg400DBEng,OU=ServiceAccts,DC=cheri,DC=org
    CN=svcFWSQLStg400Int,OU=ServiceAccts,DC=cheri,DC=org
    CN=svcFWSQLStg450Agent,OU=ServiceAccts,DC=cheri,DC=org
    CN=svcFWSQLStg450DBENg,OU=ServiceAccts,DC=cheri,DC=org
    CN=svcFWSQLStg450SSRS,OU=ServiceAccts,DC=cheri,DC=org
    Get-Aduser : Cannot find an object with identity: 'svcFWSQLStg450SSRSAgent' under: 'DC=cheri,DC=org'.
    At line:2 char:1
    + Get-Aduser -Identity $user -Properties DistinguishedName | Select-Obj ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (svcFWSQLStg450SSRSAgent:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Manageme
    nt.Commands.GetADUser

    Get-Aduser : Cannot find an object with identity: 'svcFWSQLStg450SSRSEng' under: 'DC=cheri,DC=org'.
    At line:2 char:1
    + Get-Aduser -Identity $user -Properties DistinguishedName | Select-Obj ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (svcFWSQLStg450SSRSEng:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Manageme
    nt.Commands.GetADUser

    [1:03 PM]ndl@FWTS012:Powershell_Test $ Get-ADUser -Filter {Name -eq 'svcFWSQLStg450SSRSAgent' } -SearchBase “OU=ServiceAccts,DC=cheri,DC=org”

    DistinguishedName : CN=svcFWSQLStg450SSRSAgent,OU=ServiceAccts,DC=cheri,DC=org
    Enabled : True
    GivenName :
    Name : svcFWSQLStg450SSRSAgent
    ObjectClass : user
    ObjectGUID : b5013a82-daf5-4926-bd27-d5eba4d2a2b2
    SamAccountName : svcFWSQLStg450SSRSAg
    SID : S-1-5-21-2000478354-1229272821-682003330-40899
    Surname :
    UserPrincipalName : svcFWSQLStg450SSRSAgent@cheri.org

    [1:06 PM]ndl@FWTS012:Powershell_Test $ Get-ADUser -Identity svcFWSQLStg450SSRSAgent
    Get-ADUser : Cannot find an object with identity: 'svcFWSQLStg450SSRSAgent' under: 'DC=cheri,DC=org'.
    At line:1 char:1
    + Get-ADUser -Identity svcFWSQLStg450SSRSAgent
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (svcFWSQLStg450SSRSAgent:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Mi

    Thank you for your help!

    Norm

  • #96578

    Keymaster
    Points: 1,619
    Helping Hand, Team Member
    Rank: Community Hero

    I'd manually look up that user and find out why. The -Identity parameter should run against:

    A distinguished name
    A GUID (objectGUID)
    A security identifier (objectSid)
    A SAM account name (sAMAccountName)

    So check those properties of the user(s) not working. For example, I note that the samAccountName isn't what you listed, it's "svcFWSQLStg450SSRSAg". The Name property isn't in the list of things searched by -Identity. So the "account name" is "svcFWSQLStg450SSRSAg".

    But, it looks like this:

    foreach ($user in (get-content d:\powershell_temp\svcfwsqlstg_accounts_bad.out)) {
      Get-ADUser -Identity $user | Remove-ADUser -WhatIf
    }
    

    Should list the users it's willing to remove. Delete "-WhatIf" and it should remove them.

  • #96587

    Participant
    Points: 0
    Rank: Member

    Hello Don;
    Great catch!! Yes indeed, for some of the failing AD entries the SamAccountName was different than the AD Name and DN. Since Get-ADUser -Identity goes after the SamAccountName and my input files contained the Name value, hence the problem. Modified my input files and all is well.

    Thanks again!!

    Norm
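
The mismatch resolved in this thread (input lines holding the Name while -Identity matches the sAMAccountName) can be handled in the script itself. The following is an added example, not code from any poster in the thread: it assumes the ActiveDirectory module is loaded, `Remove-ListedADUser` is a hypothetical helper name, and it goes slightly beyond the thread by deleting only on exactly one match inside the OU and by logging the real outcome of each line rather than an unconditional "Removing".

```powershell
# Added example. Requires the ActiveDirectory (RSAT) module and a reachable domain.
# Remove-ListedADUser is a hypothetical name, not a built-in cmdlet.
function Remove-ListedADUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]$Path,        # one account name per line
        [Parameter(Mandatory)] [string]$SearchBase,  # OU that bounds what may be deleted
        [Parameter(Mandatory)] [string]$LogPath
    )
    foreach ($line in Get-Content -Path $Path) {
        $name = $line.Trim()
        if (-not $name) { continue }

        # Escape LDAP filter metacharacters (RFC 4515) so a line such as '*'
        # cannot widen the search. Backslash must be escaped first.
        $esc = $name.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

        # Accept either the sAMAccountName (what -Identity checks) or the Name (the CN).
        $found = @(Get-ADUser -LDAPFilter "(|(sAMAccountName=$esc)(name=$esc))" -SearchBase $SearchBase)

        if ($found.Count -eq 0) {
            $result = 'NOT FOUND'
        } elseif ($found.Count -gt 1) {
            $result = "AMBIGUOUS ($($found.Count) matches), skipped"
        } elseif ($PSCmdlet.ShouldProcess($found[0].DistinguishedName, 'Remove-ADUser')) {
            try {
                Remove-ADUser -Identity $found[0] -Confirm:$false -ErrorAction Stop
                $result = "REMOVED $($found[0].DistinguishedName)"
            } catch {
                $result = "FAILED $($found[0].DistinguishedName): $($_.Exception.Message)"
            }
        } else {
            $result = "NOT REMOVED (dry run or declined) $($found[0].DistinguishedName)"
        }
        # Record what actually happened; -WhatIf:$false keeps the log written during dry runs.
        "$(Get-Date -Format s) $name : $result" | Out-File -FilePath $LogPath -Append -WhatIf:$false
    }
}

# Dry run first, using the paths and OU from the thread:
# Remove-ListedADUser -Path d:\powershell_temp\svcfwsqlstg_accounts_bad.out `
#   -SearchBase 'OU=ServiceAccts,DC=cheri,DC=org' `
#   -LogPath d:\powershell_temp\remove_invalid_sql_svc_accts.txt -WhatIf
```

Review the log from the `-WhatIf` run for NOT FOUND and AMBIGUOUS lines before running it again without `-WhatIf`.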
