I was recently in need for a PowerShell Script, that will output all ConfigMgr Users, which no longer exists in Active Directory. I decided to write something on my own, which I wanted to share with this blog post.

How the script works

After specifying your Site-Server and the Site-Code at the Top of the Script, it will get all Users from Configuration Manager. If will then query Active Directory and check if there is a User that matches the SamAccountName that it received from Configuration Manager. If it can’t find a User, it will output Warnings as below:

Warning: 'User 1' not found in Active Directory
Warning: 'User 3' not found in Active Directory
Warning: 'User 6' not found in Active Directory

If configured to do so, the Script can prompt you to remove those users from Configuration Manager. More on that further below.

Prerequisites

The Script was tested with Windows Server 2016 and Configuration Manager current branch.

Download

The Script can be found on GitHub.

Usage

Download the Script from the GitHub Link above. Open the PowerShell file and modify the Site-Server and Site-Code, so it matches your environment. The Screenshot below is an example from my lab.

Execute the script, which might take a while based on the amount of users it needs to process. When it completes, you should get a bunch of Warnings with users that don’t exist anymore in Active Directory.

You can then either manually delete those users from Configuration Manager or you can change the Script Variable $deleteOrphanedUsers to $true, to make the Script delete them for you.

Important: PowerShell will prompt you to confirm the deletion of every single user.

(There is a little hint in the script on how you can automatically remove the users without getting any prompts. This modification needs to be done manually though because you need to know what you’re doing. 🙂 )