I was recently in need of a PowerShell Script that outputs all ConfigMgr Users that no longer exist in Active Directory. I decided to write something on my own, which I wanted to share with this blog post.
How the script works
After specifying your Site-Server and the Site-Code at the Top of the Script, it will get all Users from Configuration Manager. It will then query Active Directory and check if there is a User that matches the SamAccountName that it received from Configuration Manager. If it can’t find a User, it will output Warnings as below:
Warning: 'User 1' not found in Active Directory
Warning: 'User 3' not found in Active Directory
Warning: 'User 6' not found in Active Directory
If configured to do so, the Script can prompt you to remove those users from Configuration Manager. More on that further below.
|Requirement|Notes|
|---|---|
|Configuration Manager Console|The Script utilizes the Configuration Manager PowerShell Module, which is a part of the Console Installation.|
|Active Directory PowerShell Module|The module can be installed via Server Manager in the RSAT Features Section.|
The Script was tested with Windows Server 2016 and Configuration Manager current branch.
The Script can be downloaded from TechNet Gallery.
Download the Script from the TechNet Gallery Link above. Open the PowerShell file and modify the Site-Server and Site-Code, so it matches your environment. The Screenshot below is an example from my lab.
Execute the script, which might take a while depending on the number of users it needs to process. When it completes, you should get a bunch of Warnings for users that don’t exist anymore in Active Directory.
You can then either manually delete those users from Configuration Manager or you can change the Script Variable $deleteOrphanedUsers to $true, to make the Script delete them for you.
Important: PowerShell will prompt you to confirm the deletion of every single user.
(There is a little hint in the script on how you can automatically remove the users without getting any prompts. This modification needs to be done manually though because you need to know what you’re doing. 🙂 )
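The workflow described above, as an added sketch that is not the script from TechNet Gallery: it also keeps a failed Active Directory lookup separate from a genuine "not found", so an unreachable domain controller never queues users for deletion. The Site-Server and Site-Code values are placeholders, and it assumes the ConfigMgr user object's UserName property holds the SamAccountName and that all users live in the domain Get-ADUser queries by default.

```powershell
# Added example, not the original script. Placeholder values: adjust to your site.
$SiteServer          = 'cm01.example.local'   # placeholder Site-Server
$SiteCode            = 'P01'                  # placeholder Site-Code
$deleteOrphanedUsers = $false                 # same switch name as in the post

Import-Module ActiveDirectory
# The ConfigMgr module ships with the console; SMS_ADMIN_UI_PATH points at its bin\i386 folder.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
if (-not (Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $SiteServer | Out-Null
}

Push-Location "${SiteCode}:\"
try {
    $lookupFailures = 0
    $orphans = foreach ($cmUser in Get-CMUser) {
        $sam = $cmUser.UserName               # assumption: holds the SamAccountName
        if ([string]::IsNullOrWhiteSpace($sam)) { continue }
        try {
            # Single-quoted filter: the AD module resolves $sam itself, so no
            # quoting problems with names that contain an apostrophe.
            $adUser = Get-ADUser -Filter 'SamAccountName -eq $sam' -ErrorAction Stop
        } catch {
            # A failed query (DC unreachable, access denied) is not proof of absence.
            $lookupFailures++
            Write-Error "AD lookup failed for '$sam': $($_.Exception.Message)"
            continue
        }
        if (-not $adUser) {
            Write-Warning "'$($cmUser.Name)' not found in Active Directory"
            $cmUser                           # collect as orphan candidate
        }
    }

    if ($deleteOrphanedUsers -and $lookupFailures -eq 0) {
        # Without further switches PowerShell asks for confirmation per user.
        $orphans | ForEach-Object { Remove-CMUser -InputObject $_ }
    } elseif ($deleteOrphanedUsers) {
        Write-Warning "Skipping deletion: $lookupFailures AD lookups failed."
    }
} finally {
    Pop-Location
}
```

Run it once with $deleteOrphanedUsers left at $false and review the Warnings before enabling deletion.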