Jketels
New Member
Posts:6
 |
| 18 Mar 2010 05:48 AM |
|
Hi everyone,
I would like some help for a question that i get from a customer of mine.
He is running a DC wich is server 2008 R2 powershell V2. (NO quest software)
He has 50 computers starting with the name finan01-50 and 50 computers starting with offic01-50.
He has also al lot of random computernames in his domain.
His wish is to run a search command that sellects all the computers starting with *OFFIC* , and then removes them from the AD.
I need some help with it.... I searched the WHOLE web but cannot find someone that has done this before.
Thanks for your help!
|
|
|
|
|
cameronove
Basic Member
Posts:332
|
| 18 Mar 2010 07:49 AM |
|
You could try this:
Get-ADComputer -filter {name -like '*offic*'} | %{Remove-ADComputer $_.distinguishedName} |
|
|
|
|
cameronove
Basic Member
Posts:332
|
| 18 Mar 2010 07:56 AM |
|
As a side you note you may need administrator privileges for that to run. If so you could do this:
$admin = get-credential "domain\adminuser"
Get-ADComputer -filter {name -like '*offic*'} | %{Remove-ADComputer $_.distinguishedName -Credential $admin}
|
|
|
|
|
Jketels
New Member
Posts:6
|
| 18 Mar 2010 08:42 AM |
|
Thanks for your reply cameronove,
It works great, exept that he questions every time if I want to perform this action (deleting from the computer account) .... Yes Yes to all No No to all.... for every computer.
Is there a way to enforce it ? |
|
|
|
|
cameronove
Basic Member
Posts:332
|
| 18 Mar 2010 08:55 AM |
|
Add -confirm:$false to the end of the Remove-ADComputer statement:
$admin = get-credential "domain\adminuser"
Get-ADComputer -filter {name -like '*offic*'} | %{Remove-ADComputer $_.distinguishedName -Credential $admin -confirm:$false}
|
|
|
|
|
Jketels
New Member
Posts:6
|
| 18 Mar 2010 11:11 AM |
|
Thanks!!! this works great..
But now i`m trying to build the script in ADSI. (ADO)
This is what I have untill now... I have tried to make it myself... the lines here below are samples I used for trying my script, they are not yet functional.
Could you also help me with this? ( I know i`m a real pain in the **s)
$objDomain = [ADSI]"LDAP://DC01/dc=*****,dc=******”
$strCategory = "computer"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("(objectCategory=$strCategory)")
$compdel = $computer.GetDirectoryEntry()
$compdel.psbase.DeleteTree() |
|
|
|
|
cameronove
Basic Member
Posts:332
|
| 18 Mar 2010 12:19 PM |
|
You are trying to build the same functionality with ADSI? If you don't mind my asking, "Why?"
Only reason is that perhaps there is a solution that may be easier than doing this in ADSI. I kind of avoid using ADSI and with the Quest tools or native ActiveDirectory module I've been able to do in PowerShell everything I used to do with VBScript and ADSI with much fewer lines.
Not that ADSI doesn't have it's place from time to time. But if it really isn't necessary then why use it? |
|
|
|
|
Jketels
New Member
Posts:6
|
| 18 Mar 2010 12:25 PM |
|
You are absolutely right... this does the job!
My customer is a little bit hard headed.... he wanted to do everthing with ADSI...
And you now... (what they say in the Netherlands) The customer is King...
I just convinced him about the functionality that you had written!
Thanks for your effort. |
|
|
|
|
cameronove
Basic Member
Posts:332
|
| 18 Mar 2010 12:37 PM |
|
Customer is King...True that.
I hope your customer doesn't read that he's a bit hard headed...LOL
So to verify, are you saying that you do NOT need the solution in ADSI?
|
|
|
|
|
Jketels
New Member
Posts:6
|
| 18 Mar 2010 12:41 PM |
|
The customer is satisfied at the moment, but now i`m curious about wat the line would be in ADSI.
So if it is not to much work... I would be glad to now wat the solution is in ADSI...
It`s also good for my developement as Microsoft specialist (and rookie Powersheller) in my daily work. |
|
|
|
|
cameronove
Basic Member
Posts:332
|
| 18 Mar 2010 06:17 PM |
|
OK this is as close as I'm going to get. I know it looks like I'm using .NET exclusively, but these .NET objects are just wrappers for ADSI. I didn't test the delete part. I did test up to the delete portion though and it works fine to that point. This script is 'as is'--you'll have to do further research if it doesn't work, unless someone else on the forum has expertise on this subject. I found most of this on various forums on the Internet though so the process is out there if you just dig for it.
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.filter = "(&(objectclass=computer)(name=*offic*))"
$search.findall() | %{$_.GetDirectoryEntry() } | %{$_.DeleteObject(0)}
|
|
|
|
|
Jketels
New Member
Posts:6
|
| 19 Mar 2010 12:24 AM |
|
Cameronove for President!
It works like a charm!!!
Thanks for your effort!!! you made my day! |
|
|
|
|
TheMcGreggor
New Member
Posts:1
|
| 13 Aug 2010 12:13 PM |
|
Hey thanks for the ADSI version. I originally tried using Remove-ADComputer but PS said that the cmdlet was not recognized; do you think that was because I am still working in PS1.0?
Below is my script if anyone is interested. It will read a list of distinguished names (I ran a separate script to get that) that I want removed from AD and generate a little before and after report while processing the list. It may not be pretty but it works nicely. If you have any suggestions as to how to do this better feel free to let me know; I am always open for improvement :)
#ps1
#Remove objects from AD using a list of distinguished names.
#J.McGreggor; 13Aug2010
$list = gc C:\working\distNames.txt
function getObject($_){
write-host "You would like to remove the following object(s)..."
foreach($computer in $_){
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$domain = $domain.GetDirectoryEntry()
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$objSearcher.Filter = "(distinguishedName=$computer)"
$objToDelete = $objSearcher.FindOne()
if ($objToDelete -ne $null){
$objToDel = $objToDelete.getDirectoryEntry().name
}
$objToDel
}
}
function getInput(){
write-host "Do you wish to continue? "
write-host "[Y]es or [N]o :"
while ($resp -notmatch "Y"){
$resp = Read-Host
if ($resp -imatch "Y"){
Write-Host "Processing"
remObjects($list)
}
elseif ($resp -imatch "N"){
Write-Host "Quitting"
exit
}
}
}
function remObjects($_){
foreach($computer in $_){
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$domain = $domain.GetDirectoryEntry()
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$objSearcher.Filter = "(distinguishedName=$computer)"
$objToDel = $objSearcher.FindOne()
if ($objToDel -ne $null){
$mesg = "Deleting " + $objToDel.getDirectoryEntry().name
$mesg
$objToDel.getDirectoryEntry() | %{$_.DeleteObject(0)}
$mesg = "Entry " + $objToDel.getDirectoryEntry().name + ", removed!"
$mesg
}
}
}
##Review list.
getObject($list)
##Process request.
getInput($list)
|
|
|
|
|
cameronove
Basic Member
Posts:332
|
| 20 Aug 2010 12:20 PM |
|
I don't think your version of PS is the problem. Page 9 of the ActiveRoles Mgmt Shell Admin guide states this a pre-requisites: You might look at what version of .Net you have installed.
Installation Requirements
Before you install ActiveRoles Management Shell, ensure that your system has the following software
installed:
• Windows XP Service Pack 2, Windows 2003 Service Pack 1, or later versions of Windows
• Microsoft .NET Framework 3.5 Service Pack 1, or a later version of .NET Framework
• Microsoft Windows PowerShell 1.0 or 2.0 |
|
|
|
|