The scripts disable or delete user accounts by importing a CSV file.
CSV file sample:
Name,Operation
pmason,Disable
"John Brown,CN=Users,DC=corp,DC=contoso,DC=com",Delete
S-1-5-21-3165297888-301567370-576410423-1103,Disable
Users can be specified by using the following properties of the user account:
- Distinguished name (e.g. CN=SaraDavis,CN=Users,DC=corp,DC=contoso,DC=com)
- GUID (e.g. 599C3D2E-F72D-4D20-8A88-030D99495F20)
- Security identifier (e.g. S-1-5-21-3165297888-301567370-576410423-1103)
- sAMAccountName (e.g. saradavis)
Note: The scripts use cmdlets from the Adaxes PowerShell module for Active Directory. To run them, you need to install the PowerShell Module for Active Directory component of Adaxes.
Script 1: CSV file on file share
The script deletes or disables user accounts based on the data from a CSV file stored on a file share. In the script, the $csvFilePath variable specifies the path to the CSV file to import.
PowerShell
Import-Module Adaxes

$csvFilePath = "\\Server\Share\example.csv" # TODO: modify me

function ExecuteOperation ($userName, $operationType)
{
    switch ($operationType)
    {
        "Delete"
        {
            # Try to delete the user
            try
            {
                Remove-AdmUser -Identity $userName -AdaxesService localhost -ErrorAction Stop -Confirm:$False
            }
            catch
            {
                return "Error: User '$userName' was not deleted. Error message: " + $_.Exception.Message
            }
            return "User '$userName' deleted successfully."
        }
        "Disable"
        {
            # Try to disable the user
            try
            {
                Disable-AdmAccount -Identity $userName -AdaxesService localhost -ErrorAction Stop
            }
            catch
            {
                return "Error: User '$userName' was not disabled. Error message: " + $_.Exception.Message
            }
            return "User '$userName' disabled successfully."
        }
        default
        {
            # Report the value from the Name column passed to the function
            return "Unknown operation: " + $operationType + " for user: " + $userName
        }
    }
}

# Check file path
if (!(Test-Path -Path $csvFilePath))
{
    Write-Host "File '$csvFilePath' was not found."
    return
}

# Import data
$csvFile = Import-Csv -Path $csvFilePath
foreach ($user in $csvFile)
{
    $result = ExecuteOperation $user.Name $user.Operation
    Write-Host $result
}
Script 2: File stored in a Binary attribute
The script deletes or disables user accounts based on the data from a CSV file stored in a Binary attribute (e.g. adm-CustomAttributeBinary1) of the target object.
Parameters:
- $propertyName - Specifies the LDAP name of the Binary property where the CSV file is stored.
- $clearProperty - Specifies whether to clear the property specified in the $propertyName variable after completing the import.
- $tempCSVFilePath - Specifies a path to the CSV file that will be temporarily created for import. After completing the import, the file will be deleted.
PowerShell
$propertyName = "adm-CustomAttributeBinary1" # TODO: modify me
$clearProperty = $True # TODO: modify me
$tempCSVFilePath = "C:\temp\Deprovision.csv" # TODO: modify me

function ExecuteOperation ($userName, $operationType, $domainName)
{
    switch ($operationType)
    {
        "Delete"
        {
            # Attempt to delete the user
            try
            {
                Remove-AdmUser -Identity $userName -AdaxesService localhost -Server $domainName -ErrorAction Stop -Confirm:$False
            }
            catch
            {
                return "Error: User '$userName' was not deleted. Error message: " + $_.Exception.Message
            }
            return "User '$userName' deleted successfully."
        }
        "Disable"
        {
            # Attempt to disable the user
            try
            {
                Disable-AdmAccount -Identity $userName -AdaxesService localhost -Server $domainName -ErrorAction Stop
            }
            catch
            {
                return "Error: User '$userName' was not disabled. Error message: " + $_.Exception.Message
            }
            return "User '$userName' disabled successfully."
        }
        default
        {
            # Report the value from the Name column passed to the function
            return "Unknown operation: " + $operationType + " for user: " + $userName
        }
    }
}

# Read the CSV content from the Binary property of the target object
$fileBinary = $Context.TargetObject.Get($propertyName)

# Save the data to a temporary file
# (-Encoding byte is the Windows PowerShell 5.1 syntax; PowerShell 7 uses -AsByteStream)
try
{
    Set-Content -Path $tempCSVFilePath -Encoding byte -Value $fileBinary -ErrorAction Stop
}
catch
{
    $Context.LogMessage("An error occurred when creating a temporary CSV file. Error: " + $_.Exception.Message, "Warning")
    return
}

# Import data
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$importedUsers = Import-Csv -Path $tempCSVFilePath
foreach ($user in $importedUsers)
{
    $result = ExecuteOperation $user.Name $user.Operation $domainName
    $Context.LogMessage($result, "Information")
}

# Clear the property
if ($clearProperty)
{
    $Context.TargetObject.Put($propertyName, $NULL)
    $Context.TargetObject.SetInfo()
}

# Remove the temporary file
Remove-Item $tempCSVFilePath -Force
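
A pre-flight check that can be run on the CSV before either script, as an added example that is not part of the original scripts or of Adaxes: it classifies each Name value as one of the four identity forms listed above and flags unknown operations, blank names and duplicate rows without contacting Active Directory. The function name Test-DeprovisionCsv, the output columns, the format rules (the regular expressions and the 20-character sAMAccountName limit) and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: pre-flight check for the Name,Operation CSV. Nothing is changed in AD.
# Test-DeprovisionCsv and its output columns are hypothetical names, not Adaxes cmdlets.
function Test-DeprovisionCsv {
    param([Parameter(Mandatory)][string]$Path)
    $seen = @{}   # identity (lower-cased) -> first row it appeared on
    $rowNumber = 1  # the header is row 1
    foreach ($entry in Import-Csv -Path $Path) {
        $rowNumber++
        $name = "$($entry.Name)".Trim()
        $op   = "$($entry.Operation)".Trim()
        $guid = [guid]::Empty
        # Work out which of the four supported identity forms the value uses (assumed rules)
        $kind = if ($name -match '^S-1-\d+(-\d+)+$') { 'SID' }
            elseif ([guid]::TryParse($name, [ref]$guid)) { 'GUID' }
            elseif ($name -match '^[A-Za-z]+=.+,DC=[^,]+$') { 'DN' }
            elseif ($name -match '^[^"/\\\[\]:;|=,+*?<>]{1,20}$') { 'sAMAccountName' }
            else { $null }
        $problems = @()
        if (-not $kind) { $problems += 'Name is empty or not a DN, GUID, SID or sAMAccountName' }
        if ($op -notin 'Delete', 'Disable') { $problems += "Unknown operation '$op'" }
        $key = $name.ToLowerInvariant()
        if ($name -and $seen.ContainsKey($key)) { $problems += "Duplicate of row $($seen[$key])" }
        elseif ($name) { $seen[$key] = $rowNumber }
        [pscustomobject]@{
            Row = $rowNumber; Name = $name; Kind = $kind; Operation = $op
            Problem = $problems -join '; '
        }
    }
}

# Constructed sample input (not from a real directory)
$sample = Join-Path ([IO.Path]::GetTempPath()) 'deprovision-sample.csv'
@'
Name,Operation
pmason,Disable
"CN=SaraDavis,CN=Users,DC=corp,DC=contoso,DC=com",Delete
S-1-5-21-3165297888-301567370-576410423-1103,Disable
599C3D2E-F72D-4D20-8A88-030D99495F20,Remove
PMason,Delete
,Disable
'@ | Set-Content -Path $sample

$report = Test-DeprovisionCsv -Path $sample
$report | Format-Table -AutoSize
if ($report | Where-Object Problem) {
    Write-Warning 'CSV rejected: fix the flagged rows before running the import.'
}
Remove-Item $sample -Force
```

In the constructed sample, the row with the operation "Remove", the second "PMason" row and the row with an empty Name are flagged; the first three data rows pass.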