Deleting users from Active Directory OU

Question

My organization uses Novell as its primary Directory Service. We are in the process of moving to an Active Directory Domain. I initially used a Windows 2003 Server to import all the accounts from Novell into AD using the Microsoft Directory Services Migration Tool. Weekly I import new accounts from the Novell using the same tool and selecting only the OUs that have either added or disable users.

Last week I was off. Another administrator attempted to do the weekly migration and accidentally imported the users to the wrong OU. This created duplicates in the directory structure. I am now tasked with removing those duplicated.

I have created a list of the users to be removed by exporting all the users from the correct target OU. I am now trying to use that list to target the incorrect OU and remove those LogonNames. I cannot use the SamAccountName as some accounts are longer than 20 characters and the SamAccountName has a 0 on the end of all the duplicates.

What I have so far in PowerShell is

Import-Module ActiveDirectory Import-Csv .\test.csv | ForEach-Object { Remove-ADUser $_.LogonName -Identity ou=WRONGOU,DC=MyDomain, dc=edu -Confirm:$false }

But I cannot get this to work.

What would be even more elegant would be a way to compare the two OUs and if the name appears in both delete it from the wrong OU.

Answer 1

We found a solution. Not as elegant as I would have liked, but it works. One of my local coders came up with this PHP code. It extracts the users ending with 0 and then puts them in a separate csv file.

$d = array();
$csv = array_map('str_getcsv', file('users.csv'));
foreach ($csv as $i) {
    if (substr($i[0], -1) == '0') {
        $d[] = '"' . $i[0] . '"';
    }
}
file_put_contents('zerousers.txt', implode(PHP_EOL, $d));

from there you only need to run the standard delete command

import-csv c:\zerousers.txt | foreach {Remove-ADUser -Identity $_.samaccountname -Confirm:$false}