

Configuration Manager: Removing Orphaned AD Users

Introduction

This article will demonstrate how we can easily remove Users from System Center Configuration Manager, that no longer exist in Active Directory.

For this we utilize a Community PowerShell Script.

How the Script works

After specifying our Site-Server and the Site-Code at the top of the Script, it will get all Users from Configuration Manager. It will then query Active Directory and check whether there is a User that matches the SamAccountName it received from Configuration Manager. If it can't find a User, it will output Warnings as below:

    Warning: 'User 1' not found in Active Directory
    Warning: 'User 3' not found in Active Directory
    Warning: 'User 6' not found in Active Directory

If configured to do so, the Script can prompt you to remove those users from Configuration Manager. More on that further below.

Prerequisites

Configuration Manager Console: The Script utilizes the Configuration Manager PowerShell Module, which is part of the Console Installation.
Active Directory PowerShell Module: The module can be installed via Server Manager in the RSAT Features section.

The Script was tested with Windows Server 2016 and Configuration Manager current branch.

Download

The Script can be downloaded from TechNet Gallery.

Usage

Download the Script from the TechNet Gallery Link above. Open the PowerShell file and modify the Site-Server and Site-Code, so it matches our environment. The Screenshot below is an example from my lab.

https://msitproblog.com/wp-content/uploads/2018/05/ConfigMgr_DeletedADUsers_part1.png

Execute the script, which might take a while depending on the number of users it needs to process. When it completes, we should get a list of warnings naming the users that no longer exist in Active Directory.

https://msitproblog.com/wp-content/uploads/2018/05/ConfigMgr_DeletedADUsers_featureImage-1.png

We can then either manually delete those users from Configuration Manager, or we can change the Script Variable $deleteOrphanedUsers to $true to make the Script delete them for us.

Important: PowerShell will prompt to confirm the deletion of every single user.

There is a little hint in the script on how we can automatically remove the users without getting any prompts. This modification needs to be done manually though because we need to know what we're doing. :)
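As an added illustration of the flow described under "How the Script works" and "Usage" (this is example code, not the community script from the TechNet Gallery), the snippet below lists Configuration Manager users, checks each SamAccountName against Active Directory, and only offers to remove users that were positively confirmed as missing. It assumes the Get-CMUser output exposes the DOMAIN\SamAccountName in its SMSID property, that SMS_ADMIN_UI_PATH points at the console's bin\i386 folder, and that the site server and site code shown are placeholders for your own values.

```powershell
# Example, not the community script: find ConfigMgr users missing from AD.
$SiteServer          = 'cm01.lab.example'   # placeholder: your site server FQDN
$SiteCode            = 'LAB'                # placeholder: your three-letter site code
$deleteOrphanedUsers = $false               # $true = remove, every deletion is confirmed

Import-Module ActiveDirectory
# The ConfigMgr module ships with the console; SMS_ADMIN_UI_PATH ends in bin\i386.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH -Parent) 'ConfigurationManager.psd1')
if (-not (Get-PSDrive -Name $SiteCode -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $SiteServer | Out-Null
}
Set-Location "$($SiteCode):"

$orphaned = @()   # users confirmed as missing in AD
$unknown  = @()   # users whose AD lookup failed; these are never deleted

foreach ($cmUser in Get-CMUser) {
    # Assumption: SMSID holds DOMAIN\SamAccountName for discovered domain users.
    if ($cmUser.SMSID -notmatch '^(?<domain>[^\\]+)\\(?<sam>[^\\]+)$') { continue }
    $domain, $sam = $Matches.domain, $Matches.sam
    try {
        # -Filter returns nothing (not an error) when there is no match, unlike -Identity.
        $adUser = Get-ADUser -Filter "SamAccountName -eq '$sam'" -Server $domain -ErrorAction Stop
    } catch {
        # Unreachable domain or permission problem: treat as unknown, not as orphaned.
        Write-Warning "Lookup failed for '$($cmUser.SMSID)': $($_.Exception.Message)"
        $unknown += $cmUser
        continue
    }
    if (-not $adUser) {
        Write-Warning "'$($cmUser.Name)' not found in Active Directory"
        $orphaned += $cmUser
    }
}
Write-Host "$($orphaned.Count) orphaned, $($unknown.Count) not verifiable (left untouched)"

if ($deleteOrphanedUsers) {
    foreach ($u in $orphaned) {
        # Default ShouldProcess behaviour: one confirmation prompt per user.
        # Add -WhatIf to rehearse the run without removing anything.
        Remove-CMUser -InputObject $u -Confirm
    }
}
```

The separate "not verifiable" bucket matters: a transient lookup failure against one domain must not be mistaken for a deleted account, otherwise a network hiccup would turn into a deletion list.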