Summary: Learn how to translate between ADSI, Quest, and Windows PowerShell cmdlets for creating users.
Hey, Scripting Guy!
I downloaded a script from the Internet to remove users, but it's designed to use the newer Windows PowerShell cmdlets. My server environment doesn't have them available yet. Can you help me convert to them?
—RD
Hello RD,
Honorary Scripting Guy, Sean Kearney, here. I'm working with my old friend, Kevin. This is the third post in a series. For more, see:
Kevin discovered the power of Bing, and he found a really cool script for purging users. He found a snag though.
"I have to do some work in a remote location, and they don't have a newer domain controller there yet. The change request is still in process, and we need to purge a lot of users. I found a great script to do this, but it only works with the new Windows PowerShell cmdlets."
He sat there with big yellow Labrador eyes blinking, "Can you help out a guy here?"
The script was actually not much more than the following. It provides an Import-CSV to pull in a list of user names, then a cmdlet to delete them:
$PurgeList=IMPORT-CSV PurgeList.Csv
Foreach ($User in $PurgeList)
{
Remove-ADuser $User.Name –confirm:$False
}
Kevin shared some information from the instructions, "I give it a list of SamAccountNames in a CSV file and simply run it through. On the remote site, I've got the Quest cmdlets installed on a management workstation."
"Ah good. So you're not going to accidentally reboot anymore file servers?" I nudged him in the side. Quickly I showed him the Quest cmdlet for removing a user:
REMOVE-QADObject
"Believe it or not, this one behaves almost identically to the Windows PowerShell cmdlet, but instead of using –confirm, we use –force:"
$PurgeList=IMPORT-CSV PurgeList.Csv
Foreach ($User in $PurgeList)
{
Remove-QADobject $User.Name –force
}
Kevin's jaw dropped to the floor. "That's it? I thought there was going to be something cool and challenging about this…"
"Well," I smiled, "It would be if you were asking me to do this with the [ADSI] accelerator. There's a little bit extra there."
Kevin rubbed his hands with glee, "Ah! Fun stuff!"
"Yep. We have to drop in a whole five extra lines after we remove the cmdlet!"
$Name='CN='+$User.Name
$Parent='OU=Grok,DC=Contoso,DC=Local'
$Class="user"
$Connection=[ADSI]"LDAP://$Parent"
$DeleteUser=$Connection.delete($Class, $Name)
So the same script using [ADSI] would look like this:
$PurgeList=IMPORT-CSV PurgeList.Csv
Foreach ($User in $PurgeList)
{
$Name='CN='+$User.Name
$Parent='OU=Grok,DC=Contoso,DC=Local'
$Class="user"
$Connection=[ADSI]"LDAP://$Parent"
$DeleteUser=$Connection.delete($Class, $Name)
}
"Now if you want really hard and scary, we could sit down and this with VBScript."
I've never seen anybody turn around and run so fast.
Pop in tomorrow as Kevin and I have some more "transforming fun" with Active Directory and Windows PowerShell.
I invite you to follow The Scripting Guys on Twitter and Facebook. If you have any questions, send an email to The Scripting Guys at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then remember eat your cmdlets each and every day with a dash of creativity.
Sean Kearney, Windows PowerShell MVP and Honorary Scripting Guy