Deleting User Accounts
Microsoft® Windows® 2000 Scripting Guide
Deleting a user account object in Active Directory is the final step in the life cycle of a user account. Deleting a user account clears all of its attributes and tombstones the account in Active Directory. The object remains marked with a tombstone until the cleanup process permanently removes it. Once deleted, there is no way to recover the user account.
To delete a user account by using an ADSI script, you must use the Delete method of the IADsContainer interface. Like IADs, IADsContainer is a core interface. IADsContainer is used to create, delete, and manage objects contained inside other objects. In this case, the user account object is contained in either an OU or one of the built-in containers, such as the Users container.
Table 7.10 shows the arguments of the Delete method.
Table 7.10 Arguments of the Delete Method
| Argument | Type | Required | Default | Description |
|---|---|---|---|---|
| Class | string | Yes | None | Name of the schema class object to delete |
| Relative Distinguished Name | string | Yes | None | Value of the object's name attribute |
Scripting Steps
Listing 7.22 contains a script that deletes a user account from an OU. To carry out this task, the script performs the following steps:
1. Bind to the OU from which the object will be deleted by using the GetObject function and the LDAP provider.
2. Call the Delete method of the IADsContainer interface.
Listing 7.22 Deleting an Active Directory User Account
The user is immediately deleted from Active Directory. You do not need to call SetInfo to commit the change.
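The two steps above, as an added example that is not the guide's own listing: because the deletion is immediate and cannot be undone, this version first confirms that the target exists as a user object and writes its identifying attributes to the console before calling Delete. The OU path and the user's relative distinguished name are hypothetical values constructed for illustration.

```vbscript
Option Explicit

' Hypothetical names, constructed for this example (not from the guide).
Const OU_DN    = "ou=HR,dc=example,dc=com"
Const USER_RDN = "cn=MyerKen"

Dim objOU, objUser

' Step 1: bind to the OU that contains the account. The returned object
' exposes the IADsContainer interface.
Set objOU = GetObject("LDAP://" & OU_DN)

' Pre-check: retrieve the child through the container and require class
' "user", so a wrong RDN or a non-user object is never passed to Delete.
On Error Resume Next
Set objUser = objOU.GetObject("user", USER_RDN)
If Err.Number <> 0 Then
    WScript.Echo "Not deleted: " & USER_RDN & " is not a user in " & _
        OU_DN & " (0x" & Hex(Err.Number) & ")"
    WScript.Quit 1
End If
On Error GoTo 0

' Record what is about to be removed. After the delete these values can
' no longer be read from the account, so capture them for the audit trail.
WScript.Echo "Deleting " & objUser.ADsPath
WScript.Echo "  sAMAccountName: " & objUser.Get("sAMAccountName")
WScript.Echo "  objectGUID:     " & objUser.Guid
Set objUser = Nothing

' Step 2: call IADsContainer.Delete with the two required arguments from
' Table 7.10: the schema class name and the relative distinguished name.
On Error Resume Next
objOU.Delete "user", USER_RDN
If Err.Number <> 0 Then
    WScript.Echo "Delete failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' The change is committed by Delete itself; SetInfo is not called.
WScript.Echo "Deleted " & USER_RDN & " from " & OU_DN
```

Run it with cscript.exe so the recorded attributes go to the console and can be redirected to a log file.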