I’ve spent the better part of 4 days working on a monster script. I needed this script to perform the following actions:
- Take a list of usernames and ensure they exist in Active Directory (AD).
- Take a list of usernames and disable their AD accounts.
- Take a list of usernames and delete their AD accounts.
- Take a list of usernames and delete any files in their User profile and RDS profile.
- Take a list of usernames and delete any local profiles present on XenApp Servers.
- Take a list of usernames and delete any of their assigned XenDesktops.
- Take a list of usernames and remove their account from any published application.
- Review this list of usernames and remove any accounts that should not be removed.
- Provide feedback with Write-Verbose messages and create a log file of any actions.
Needless to say, this script can easily be broken down into different functions for reusability, but I wanted an all-in-one script that would be used by other support team members. This script assumes PowerShell 2.0 and that the following cmdlets are available:
- Microsoft Active Directory
- Citrix XenApp Commands (SDK for XenApp 6 or 6.5 so you can run remote commands)
- Citrix XenDesktop Commands
The user who runs the script should be an AD domain, XenApp and XenDesktop admin. I do not recommend using this script as is, but you may find parts you can use in your environment. Also review the URLs in the .LINK section. I used ideas and code from these web pages to help write this script.
You can edit the #CONSTANTS section for your environment.
```powershell
<#
.SYNOPSIS
    Takes ad username or object of usernames and deletes user's resources and account from the domain and Citrix environment.
.DESCRIPTION
    Removes a user's account and resources from the AD domain and Citrix environment. It is recommended that this script be run as an admin. In addition, the Microsoft Active Directory, XenDesktop, XenApp Powershell Cmdlets must be available for user and desktop deletion.
.PARAMETER username
    Required parameter. User account(s) that will be deleted. User accounts must be disabled before deletion. See disable parameter.
.PARAMETER disable
    Optional switch parameter. Defaults to $false. If present, user accounts will just be disabled.
.EXAMPLE
    PS C:\PSScript > .\delete-citrixuser.ps1 -username "someuser"
    Will use all default values. No feedback messages will be shown. All user accounts are expected to be already disabled otherwise, no accounts will be deleted.
.EXAMPLE
    PS C:\PSScript > .\delete-citrixuser.ps1 -username "someuser" -verbose
    Will use all default values. Feedback/progress messages will be shown. All user accounts are expected to be disabled otherwise, no accounts will be deleted.
.EXAMPLE
    PS C:\PSScript > .\delete-citrixuser.ps1 -username "someuser" -disable -verbose
    Will use all default values. Will set AD user accounts to disabled. Feedback/progress messages will be shown.
.INPUTS
    Username or object of usernames.
.OUTPUTS
    To see feedback messages use the -verbose common parameter. No objects are output from this script. This script creates a user deletion log.
.NOTES
    NAME: delete-citrixuser.ps1
    VERSION: 1.00
    CHANGE LOG - Version - When - What - Who
    1.00 - 07/21/2014 - Initial script - Alain Assaf
    AUTHOR: Alain Assaf
    LASTEDIT: July 21, 2014
.LINK
    http://www.linkedin.com/in/alainassaf/
    http://wagthereal.com
    http://stackoverflow.com/questions/11605893/checking-for-the-existence-of-an-ad-object-how-do-i-avoid-an-ugly-error-message
    http://powershell.com/cs/blogs/tips/archive/2009/06/26/using-switch-parameters.aspx
    http://technet.microsoft.com/en-us/library/ee692802.aspx
    Checking Setting Remote Desktop Services Profile Settings
    http://winpowershell.blogspot.com/2006/08/suppressing-output-using-out-null-and.html
    http://blogs.msdn.com/b/powershell/archive/2009/12/29/arguments-for-remote-commands.aspx
#>
```
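The AD-side safety gates described in the help text (existence check, exclusion list, "must be disabled before deletion", logging), as an added example that is not the author's script and leaves out the Citrix steps. The `$PROTECTED` names, the `$LOGFILE` path and the `Write-Log` helper are assumptions made for illustration; the AD cmdlets are the standard ActiveDirectory module ones.

```powershell
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
    [string[]]$username,
    [switch]$disable
)
begin {
    # CONSTANTS (assumed values for this example; edit for your environment)
    $PROTECTED = @('Administrator', 'krbtgt', 'svc-backup')   # accounts that must never be removed
    $LOGFILE   = Join-Path $env:TEMP 'delete-citrixuser.log'  # hypothetical log location
    Import-Module ActiveDirectory -ErrorAction Stop

    function Write-Log([string]$message) {   # hypothetical helper: audit line plus -Verbose feedback
        $line = '{0}  {1}  {2}' -f (Get-Date -Format s), $env:USERNAME, $message
        Add-Content -Path $LOGFILE -Value $line
        Write-Verbose $message
    }
}
process {
    foreach ($name in $username) {
        if ($PROTECTED -contains $name) { Write-Log "SKIP $name : protected account"; continue }

        # -Filter returns nothing for a missing user instead of throwing like -Identity does.
        # Single quotes are doubled so a crafted name cannot alter the filter expression.
        $safe = $name.Replace("'", "''")
        $user = Get-ADUser -Filter "SamAccountName -eq '$safe'"
        if (-not $user) { Write-Log "SKIP $name : not found in AD"; continue }

        if ($disable) {
            if ($PSCmdlet.ShouldProcess($name, 'Disable AD account')) {
                Disable-ADAccount -Identity $user
                Write-Log "DISABLED $name"
            }
            continue
        }

        # Two-step gate: only accounts disabled in an earlier run are eligible for deletion.
        if ($user.Enabled) { Write-Log "SKIP $name : still enabled, run with -disable first"; continue }

        if ($PSCmdlet.ShouldProcess($name, 'Delete AD account')) {
            Remove-ADUser -Identity $user -Confirm:$false
            Write-Log "DELETED $name ($($user.DistinguishedName))"
        }
    }
}
```

Running it with `-WhatIf` lists what would be disabled or deleted without changing anything, which covers the "review this list" step before a real run.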
I look forward to any and all comments. I’m sure there are better ways to write some of the above. There’s always more than one way to skin a cat in PowerShell.