Removing orphaned Active Directory Users from Configuration Manager

I recently needed a PowerShell script that outputs all ConfigMgr users that no longer exist in Active Directory. I decided to write my own and share it in this blog post.

How the script works

After you specify your Site-Server and Site-Code at the top of the Script, it gets all Users from Configuration Manager. It then queries Active Directory and checks whether there is a User that matches the SamAccountName it received from Configuration Manager. If it can’t find a User, it outputs Warnings like the ones below:

Warning: 'User 1' not found in Active Directory
Warning: 'User 3' not found in Active Directory
Warning: 'User 6' not found in Active Directory

If configured to do so, the Script can prompt you to remove those users from Configuration Manager. More on that further below.

Prerequisites

Configuration Manager Console: The Script utilizes the Configuration Manager PowerShell Module, which is a part of the Console Installation.
Active Directory PowerShell Module: The module can be installed via Server Manager in the RSAT Features Section.

The Script was tested with Windows Server 2016 and Configuration Manager current branch.

Download

The Script can be found on GitHub.

Usage

Download the Script from the GitHub Link above. Open the PowerShell file and modify the Site-Server and Site-Code, so it matches your environment. The Screenshot below is an example from my lab.

Execute the script. This might take a while, depending on the number of users it needs to process. When it completes, you should get a list of Warnings for users that no longer exist in Active Directory.

You can then either manually delete those users from Configuration Manager or you can change the Script Variable $deleteOrphanedUsers to $true, to make the Script delete them for you.

Important: PowerShell will prompt you to confirm the deletion of every single user.

(There is a little hint in the script on how you can automatically remove the users without getting any prompts. This modification needs to be done manually though because you need to know what you’re doing. 🙂 )
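The flow described under "How the script works" and "Usage", sketched as an added example (this is not the script from GitHub). It treats only an explicit "identity not found" answer from Active Directory as orphaned, so a failed lookup (for example an unreachable domain controller) never marks a user for deletion. Assumptions: the site server and site code are placeholders, Get-CMUser returns SMS_R_User objects whose UserName property holds the SamAccountName, and all users live in the domain that Get-ADUser queries by default.

```powershell
# Added example, not the blog author's script.
$SiteServer          = 'cm01.example.test'   # placeholder, replace with your site server
$SiteCode            = 'XYZ'                 # placeholder, replace with your site code
$deleteOrphanedUsers = $false                # same variable name the post uses

Import-Module ActiveDirectory -ErrorAction Stop
# The ConfigMgr module ships with the console, one folder above SMS_ADMIN_UI_PATH.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1') -ErrorAction Stop
if (-not (Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $SiteServer | Out-Null
}

Push-Location "$($SiteCode):"
try {
    $lookupFailures = 0
    $orphaned = foreach ($cmUser in Get-CMUser) {
        # Assumption: UserName is the SamAccountName (SMS_R_User property).
        $sam = $cmUser.UserName
        if ([string]::IsNullOrWhiteSpace($sam)) { continue }
        try {
            # Queries the default domain only; accounts from other domains
            # would look missing here and need their own -Server lookup.
            Get-ADUser -Identity $sam -ErrorAction Stop | Out-Null
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            # AD answered and the account does not exist: a real orphan.
            Write-Warning "'$($cmUser.Name)' not found in Active Directory"
            $cmUser
        }
        catch {
            # Any other error means "unknown", not "orphaned".
            $lookupFailures++
            Write-Error "AD lookup failed for '$sam': $($_.Exception.Message)"
        }
    }
    if ($lookupFailures -gt 0) {
        Write-Warning "$lookupFailures lookup(s) failed; those users were skipped, not flagged."
    }
    if ($deleteOrphanedUsers) {
        foreach ($user in $orphaned) {
            # No -Force: each removal is confirmed interactively.
            Remove-CMUser -InputObject $user
        }
    }
}
finally {
    Pop-Location
}
```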
