
Script repository

Import users to be deprovisioned

July 05, 2021

The scripts disable or delete user accounts by importing a CSV file.

CSV file sample:

Name,Operation
pmason,Disable
"CN=John Brown,CN=Users,DC=corp,DC=contoso,DC=com",Delete
S-1-5-21-3165297888-301567370-576410423-1103,Disable

Users can be specified by using the following properties of the user account:
  • Distinguished name (e.g. CN=SaraDavis,CN=Users,DC=corp,DC=contoso,DC=com)
  • GUID (e.g. 599C3D2E-F72D-4D20-8A88-030D99495F20)
  • Security identifier (e.g. S-1-5-21-3165297888-301567370-576410423-1103)
  • sAMAccountName (e.g. saradavis)
Note: The scripts use cmdlets from Adaxes PowerShell module for Active Directory. To run the script, you need to install the PowerShell Module for Active Directory component of Adaxes.
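
Because every row in the file maps directly to a disable or delete, it is worth validating the CSV before either script runs. The following is an added example, not part of the original scripts or of Adaxes: the function name Test-DeprovisionRow, the sample rows and the simplified identifier patterns are assumptions made for illustration, and it uses only built-in PowerShell without touching the directory.

```powershell
# Added example: pre-flight validation of a deprovisioning CSV (no AD calls are made).
# Test-DeprovisionRow and the sample rows are constructed for illustration.
$allowedOperations = @('Disable', 'Delete')

# One simplified pattern per identifier form listed on this page
$identityPatterns = [ordered]@{
    SID               = '^S-1-5-21(-\d+){4}$'
    GUID              = '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
    DistinguishedName = '^(CN|OU)=.+,DC=[^,]+$'
    sAMAccountName    = '^[^"/\\\[\]:;|=,+*?<>@\s]{1,20}$'
}

function Test-DeprovisionRow ($row, $lineNumber)
{
    $name = "$($row.Name)".Trim()
    $operation = "$($row.Operation)".Trim()
    $problems = @()
    if ($allowedOperations -notcontains $operation) { $problems += "unknown operation '$operation'" }

    # Classify the identifier; the first matching pattern wins
    $kind = $null
    foreach ($entry in $identityPatterns.GetEnumerator())
    {
        if ($name -match $entry.Value) { $kind = $entry.Key; break }
    }
    if ($null -eq $kind) { $problems += "unrecognized identity '$name'" }

    [pscustomobject]@{
        Line = $lineNumber; Name = $name; Operation = $operation
        IdentityType = $kind; Valid = ($problems.Count -eq 0); Problems = ($problems -join '; ')
    }
}

# Constructed sample input: valid rows plus one bad operation and one malformed DN
$sampleCsv = @'
Name,Operation
pmason,Disable
"CN=Sara Davis,CN=Users,DC=corp,DC=contoso,DC=com",Delete
S-1-5-21-3165297888-301567370-576410423-1103,Disable
599C3D2E-F72D-4D20-8A88-030D99495F20,Remove
"Sara Davis,CN=Users",Delete
'@

$lineNumber = 1   # Line 1 is the header row
$report = foreach ($row in ($sampleCsv | ConvertFrom-Csv)) { $lineNumber++; Test-DeprovisionRow $row $lineNumber }
$report | Format-Table Line, Name, Operation, IdentityType, Valid, Problems -AutoSize

$invalid = @($report | Where-Object { -not $_.Valid })
$deletes = @($report | Where-Object { $_.Valid -and $_.Operation -eq 'Delete' })
Write-Host "$($invalid.Count) invalid row(s); $($deletes.Count) valid Delete row(s) to review before running the import."
```

To check a real file, replace the here-string with Import-Csv on the same path the import script uses and hold the import until the report shows no invalid rows.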

Script 1: CSV file on file share

The script deletes or disables user accounts based on the data from a CSV file stored on a file share. In the script, the $csvFilePath variable specifies the path to the CSV file to import.

PowerShell
Import-Module Adaxes
$csvFilePath = "\\Server\Share\example.csv" # TODO: modify me
function ExecuteOperation ($username, $operationType)
{
    switch ($operationType)
    {
        "Delete"
        {
            # Try to delete the user
            try
            {
                Remove-AdmUser -Identity $userName -AdaxesService localhost -ErrorAction Stop -Confirm:$False
            }
            catch
            {
                return "Error: User '$userName' was not deleted. Error message: " + $_.Exception.Message
            }
            return "User '$userName' deleted successfully."
        }
        "Disable"
        {
            # Try to disable the User
            try
            {
                Disable-AdmAccount -Identity $userName -AdaxesService localhost -ErrorAction Stop
            }
            catch
            {
                return "Error: User '$userName' was not disabled. Error message: " + $_.Exception.Message
            }
            return "User '$userName' disabled successfully."
        }
        default
        {
            return "Unknown operation: " + $operationType + " for user: " + $username
        }
    }
}
# Check file path
if (!(Test-Path -Path $csvFilePath))
{
    Write-Host "File '$csvFilePath' was not found."
    return
}
# Import data
$csvFile = Import-Csv -Path $csvFilePath
foreach ($user in $csvFile)
{
    $result = ExecuteOperation $user.Name $user.Operation
    Write-Host $result
}

Script 2: File stored in a Binary attribute

The script deletes or disables user accounts based on the data from a CSV file stored in a Binary attribute (e.g. adm-CustomAttributeBinary1) of the target object.

Parameters:

  • $propertyName - Specifies the LDAP name of the Binary property where the CSV file is stored.
  • $clearProperty - Specifies whether to clear the property specified in the $propertyName variable after completing the import.
  • $tempCSVFilePath - Specifies a path to the CSV file that will be temporarily created for import. After completing the import, the file will be deleted.
PowerShell
Import-Module Adaxes # Provides Remove-AdmUser and Disable-AdmAccount

$propertyName = "adm-CustomAttributeBinary1" # TODO: modify me
$clearProperty = $True # TODO: modify me
$tempCSVFilePath = "C:\temp\Deprovision.csv" # TODO: modify me

function ExecuteOperation ($username, $operationType, $domainName)
{
    switch ($operationType)
    {
        "Delete"
        {
            # Attempt to delete the user
            try
            {
                Remove-AdmUser -Identity $userName -AdaxesService localhost -Server $domainName -ErrorAction Stop -Confirm:$False
            }
            catch
            {
                return "Error: User '$userName' was not deleted. Error message: " + $_.Exception.Message
            }
            return "User '$userName' deleted successfully."
        }
        "Disable"
        {
            # Attempt to disable the User
            try
            {
                Disable-AdmAccount -Identity $userName -AdaxesService localhost -Server $domainName -ErrorAction Stop
            }
            catch
            {
                return "Error: User '$userName' was not disabled. Error message: " + $_.Exception.Message
            }
            return "User '$userName' disabled successfully."
        }
        default
        {
            return "Unknown operation: " + $operationType + " for user: " + $username
        }
    }
}

$fileBinary = $Context.TargetObject.Get($propertyName)

# Save the data to a temporary file
try
{
    Set-Content -Path $tempCSVFilePath -Encoding byte -Value $fileBinary -ErrorAction Stop
}
catch
{
    $Context.LogMessage("An error occurred when creating a temporary CSV file. Error: " + $_.Exception.Message, "Warning")
    return
}

# Import data
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$importedUsers  = Import-Csv -Path $tempCSVFilePath

foreach ($user in $importedUsers)
{
    $result = ExecuteOperation $user.Name $user.Operation $domainName
    $Context.LogMessage($result, "Information")
}

# Clear the property
if ($clearProperty)
{
    $Context.TargetObject.Put($propertyName, $NULL)
    $Context.TargetObject.SetInfo()
}

# Remove the temporary file
Remove-Item $tempCSVFilePath -Force