I’ve been re-writing some automated processes around user account lifecycle recently, making use of the Active Directory PowerShell module on Windows Server 2012. Most recently this involved removing a large number of expired user accounts. On the first attempt of trying to remove the user objects I was receiving this error for a number of them, seemingly at random:

Remove-ADObject : The directory service can perform the requested operation only on a leaf object

So why would a user object in AD not be a leaf object? It turns out that when a user connects a device to Exchange with EAS, there’s an AD object created … Continue reading Deleting AD Users with PowerShell – Why is a user not a leaf object?
I’ve spent two days this week at Microsoft’s UK HQ at Thames Valley Park at an Identity Management event run by Oxford Computer Group – basically learning about Forefront Identity Manager (FIM) 2010 (and 2010 R2). It also gave me the opportunity to catch up with some old friends and make some new ones, which is always good. My knowledge of FIM prior to this was based almost entirely on a collection of FIM Ramp Up videos on the TechNet site, although I have a reasonable amount of experience of the challenges around Identity Management, having helped develop the in-house … Continue reading First taste of FIM