
Deleting AD user accounts

Posted by: | January 8, 2012 | 1 Comment |

At some point we have to delete user accounts. This can be accomplished using any of the following methods. The important point is to make sure your processes have enough checks and balances that you delete the correct account!

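# Load the Microsoft AD module if it is not already loaded
if (-not (Get-Module ActiveDirectory)){
  Import-Module ActiveDirectory
}

$ou = "OU=England,DC=Manticore,DC=org"

# Microsoft cmdlets: Remove-ADUser prompts for confirmation
$name = "User1"
$dn = "cn=$name,$ou"
Get-ADUser -Identity $dn |
Remove-ADUser

"`nAD provider"
$name = "User2"
$dn = "cn=$name,$ou"
Remove-Item -Path AD:\$dn  -Force

# Quest cmdlets
$name = "User3"
Get-QADUser -Identity $name -SizeLimit 3000 |
Remove-QADObject -Force

# Script (ADSI): DeleteTree() removes the object with no prompt
$name = "User4"
$dn = "cn=$name,$ou"
$user = [adsi]"LDAP://$dn"
$user.DeleteTree()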


A couple of quirks with these:

  • The Microsoft cmdlet doesn’t have a -Force parameter, so you have to go through the confirmation process
  • The AD provider doesn’t pick up the path when you pipe Get-Item | Remove-Item, so we have to jump straight to the remove
  • No checks on the script – it’s just gone
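
One way to build the "checks and balances" mentioned at the top around the Microsoft cmdlets. This is an added example, not code from the original post; the function name, the log path and the rule that an account must already be disabled are assumptions.

```powershell
# Added example. Remove-VerifiedADUser, $LogPath and the disabled-first
# policy are hypothetical, chosen for illustration.
function Remove-VerifiedADUser {
  [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
  param(
    [Parameter(Mandatory = $true)][string]$Name,
    [Parameter(Mandatory = $true)][string]$OU,
    [string]$LogPath = '.\deleted-users.csv'
  )

  Import-Module ActiveDirectory -ErrorAction Stop
  $dn = "cn=$Name,$OU"

  # Check 1: the account must exist at exactly this DN (throws if it does not)
  $props = 'ProtectedFromAccidentalDeletion', 'LastLogonDate'
  $user = Get-ADUser -Identity $dn -Properties $props -ErrorAction Stop

  # Check 2: only delete accounts that were disabled in an earlier step
  if ($user.Enabled) {
    throw "Refusing to delete $dn : account is still enabled."
  }

  # Check 3: respect the accidental-deletion flag instead of clearing it
  if ($user.ProtectedFromAccidentalDeletion) {
    throw "Refusing to delete $dn : protected from accidental deletion."
  }

  # Check 4: show the operator what is about to go; honours -WhatIf / -Confirm
  $summary = "{0} (sAMAccountName={1}, last logon={2})" -f $user.DistinguishedName,
    $user.SamAccountName, $user.LastLogonDate
  if (-not $PSCmdlet.ShouldProcess($summary, 'Delete AD user')) { return }

  # Record identifying attributes before the object disappears
  $user | Select-Object @{n='DeletedAt';e={Get-Date -Format o}},
      @{n='DeletedBy';e={"$env:USERDOMAIN\$env:USERNAME"}},
      DistinguishedName, SamAccountName, SID, ObjectGUID |
    Export-Csv -Path $LogPath -Append -NoTypeInformation

  # The prompt was already answered above, so suppress the cmdlet's own
  Remove-ADUser -Identity $user.ObjectGUID -Confirm:$false -ErrorAction Stop
}

# Dry run first, using the names from the script above:
# Remove-VerifiedADUser -Name User1 -OU "OU=England,DC=Manticore,DC=org" -WhatIf
```

Because the deletion is keyed on the ObjectGUID read during the checks, the object that is removed is the same one that was inspected and logged.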

1 Comment

  1. By: Rich Kusak on January 11, 2012 at 8:45 am      

    Force would be nice but you can still bypass the confirmation process.

    Remove-ADObject -Confirm:$false