
August 18, 2015 at 5:37 am

Hey there, my corp has a script that is supposed to delete all the disabled accounts after 90 days in a certain OU along with deleting their mailbox... the mailbox gets deleted but the AD user account does not get deleted. There is no real error output that I can tell.

I'm not real involved with PS, only at a superficial level. If you see any glaring problem, it would be much appreciated.

param($email)

# Add PowerShell Snap-Ins as Required
if ( (Get-Module -Name ActiveDirectory -ErrorAction SilentlyContinue) -eq $null ){
Import-Module ActiveDirectory
}

if ( (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue) -eq $null ){
Add-PsSnapin Microsoft.Exchange.Management.PowerShell.E2010
}

if ( (Get-PSSnapin -Name Microsoft.Exchange.Management.Powershell.Support -ErrorAction SilentlyContinue) -eq $null ){
Add-PsSnapin Microsoft.Exchange.Management.Powershell.Support
}

$Date = get-date -F MM-dd-yyyy
$TermDate = (Get-Date).AddDays(-90)
$StageDate = Get-Date $TermDate -format yyyyMMdd
$StagingAccountOU = "OU=StagedTerms,OU=Disabled,OU=RELS Users,DC=llc,DC=com"
$StagingShareRoot = '\\Fileserver01\e$\StagedTerms'
$EmailRecipients = 'admins@corp.com'

#Setup Log file
[datetime]$starttime=Get-Date
$RunTime=get-date -uformat "%Y-%m-%d-%H%M"
$logfilename="..\Logs\AD-DeleteUsers-" + $RunTime + ".txt"
write-host "Logging output to file " + $logfilename
write-output "### Start of AD Delete Termed Users Script ###" | out-file -append $logfilename

$UserList = @(Get-ADUser -SearchBase $StagingAccountOU -SearchScope OneLevel -Filter {(businessCategory -le $StageDate) -and (businessCategory -like "*") -and (enabled -eq $False)} -Properties businessCategory)

write-host "Number of accounts to process:" $UserList.count
write-output ("Number of accounts to process:"+ $UserList.count ) | out-file -append $logfilename

foreach ($User in $UserList){
write-host "Processing Account:"$User.SAMAccountName
write-output ("Processing Account:"+ $User.SAMAccountName ) | out-file -append $logfilename

$Userid = $User.SAMAccountName

# Make note of user account name and status
$email = $email + "`n$Userid has been disabled for 90+ days"

# Identify P:\ Drive in StagedTerms folder structure
$UserDir = Get-Item $StagingShareRoot\$Userid -EA 0 -EV +X
if (!!$Userdir){
#Delete User data if exists
Remove-Item -Force $UserDir -recurse -EA 0 -EV +X
if ($lastexitcode -ne 1){
$email = $email + "`n `a Deleted $StagingShareRoot\$User"
} else {
$email = $email + "`n `a ERROR: Could not delete $StagingShareRoot\$User folder does not exist"
}
$UserDir = $null
} else {
$email = $email + "`n `a $X"
}

# Delete Exchange Mailbox & User Account
#Moved to Stage 2 1/25/2013 Remove-Mailbox -Identity $User -Confirm:$false
Remove-ADUser -Identity $User -Confirm:$false
$email = $email + "`n `a Removed Account and Exchange Mailbox for $User"

}

August 18, 2015 at 5:43 am

What happens if you make the script confirm the Remove-ADUser action?

August 18, 2015 at 8:37 am

I'm not sure how to do that 🙁

August 18, 2015 at 10:21 am

Nothing glaring, and stripping it down to its bare bones it's deleting users when I test it. My suspicion is that this is a permissions problem or that the objects are protected against accidental deletion (which will also give an Access Denied error).

Can you run the script exactly as before and then, in the same console, run

Write-Output $ErrorActionPreference

Check that it is not set to 'SilentlyContinue'. If it is, then this will suppress errors, which hinders troubleshooting.
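
The two causes suggested in the last reply (accidental-deletion protection and a suppressed error) can be checked per account with the snippet below. It is an added example, not part of the original thread; `Test-StagedUserRemoval` is a hypothetical helper name, and the OU path is the one from the posted script.

```powershell
# Added example, not from the thread. Test-StagedUserRemoval is a hypothetical helper.
Import-Module ActiveDirectory

function Test-StagedUserRemoval {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
        [string]$SamAccountName,
        [switch]$Remove   # without this switch Remove-ADUser runs with -WhatIf only
    )
    process {
        $protected = $null
        try {
            # Deletion protection is exposed as an extended property on the user object.
            $u = Get-ADUser -Identity $SamAccountName `
                -Properties ProtectedFromAccidentalDeletion -ErrorAction Stop
            $protected = $u.ProtectedFromAccidentalDeletion

            # -ErrorAction Stop turns a non-terminating error (for example Access Denied)
            # into an exception, so it is reported whatever $ErrorActionPreference is.
            Remove-ADUser -Identity $u -Confirm:$false -WhatIf:(-not $Remove) -ErrorAction Stop
            $outcome = if ($Remove) { 'Removed' } else { 'Dry run (-WhatIf)' }
        }
        catch {
            $outcome = "FAILED: $($_.Exception.Message)"
        }
        New-Object psobject -Property @{
            SamAccountName = $SamAccountName
            Protected      = $protected
            Outcome        = $outcome
        }
    }
}

# Dry run: list disabled accounts in the staging OU and whether each is protected.
Get-ADUser -SearchBase 'OU=StagedTerms,OU=Disabled,OU=RELS Users,DC=llc,DC=com' `
    -SearchScope OneLevel -Filter 'Enabled -eq $false' |
    Test-StagedUserRemoval |
    Format-Table SamAccountName, Protected, Outcome -AutoSize
```

The dry run only reveals the protection flag, because `-WhatIf` never attempts the delete; a permissions error shows up in `Outcome` only when the function is run with `-Remove`, which should be fed the script's own `$UserList` so the 90-day filter still applies.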