Public/Remove-ADSIComputer.ps1

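function Remove-ADSIComputer
{
<#
.SYNOPSIS
    Function to Remove a Computer Account

.DESCRIPTION
    Looks up a computer account with Get-ADSIComputer and deletes it.
    With -Recursive the account and every object beneath it are deleted.

    The function supports -WhatIf and -Confirm. No ConfirmImpact is declared,
    so with the default $ConfirmPreference it does not prompt on its own:
    pass -Confirm to be asked before each deletion, or -WhatIf to preview it.

.PARAMETER Identity
    Specifies the Identity of the Computer.

    You can provide one of the following:
        DistinguishedName
        Guid
        Name
        SamAccountName
        Sid

.PARAMETER Credential
    Specifies the alternative credential to use.
    By default it will use the current user windows credentials.

.PARAMETER DomainName
    Specifies the alternative Domain.
    By default it will use the current domain.

.PARAMETER Recursive
    Specifies that any child object should be deleted as well.
    Typically you would use this parameter if you get the error "The directory service can perform the requested operation only on a leaf object"
    when you try to delete the object without the -Recursive parameter.
    Review what sits under the computer object first (for example with -WhatIf plus a directory query), because the whole subtree is removed.

.EXAMPLE
    Remove-ADSIComputer -Identity TESTSERVER01

    This command will remove the account TESTSERVER01

.EXAMPLE
    Remove-ADSIComputer -Identity TESTSERVER01 -Recursive

    This command will remove the account TESTSERVER01 and all of its child objects

.EXAMPLE
    Remove-ADSIComputer -Identity TESTSERVER01 -WhatIf

    This command will show what would be removed without deleting the account TESTSERVER01

.EXAMPLE
    Remove-ADSIComputer -Identity TESTSERVER01 -Credential (Get-Credential)

    This command will remove the account TESTSERVER01 using the alternative credential specified

.EXAMPLE
    Remove-ADSIComputer -Identity TESTSERVER01 -Credential (Get-Credential) -DomainName LazyWinAdmin.local

    This command will remove the account TESTSERVER01 using the alternative credential specified in the domain lazywinadmin.local

.NOTES
    Francois-Xavier.Cat
    LazyWinAdmin.com
    @lazywinadm
    github.com/lazywinadmin

.LINK
    https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.computerprincipal(v=vs.110).aspx
#>

    # NOTE(review): this is a destructive cmdlet; consider ConfirmImpact = 'High'
    # so that it prompts by default. Not changed here because existing unattended
    # callers would start prompting unless they pass -Confirm:$false.
    [CmdletBinding(SupportsShouldProcess = $true)]
    PARAM (
        [parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ValueFromPipeline = $true)]
        $Identity,

        [Alias("RunAs")]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty,

        [String]$DomainName,

        [Switch]$Recursive
    )

    BEGIN
    {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement

        # Forward only the connection parameters the caller actually supplied,
        # so the helpers fall back to their own defaults otherwise.
        $ContextSplatting = @{ }
        IF ($PSBoundParameters['Credential']) { $ContextSplatting.Credential = $Credential }
        IF ($PSBoundParameters['DomainName']) { $ContextSplatting.DomainName = $DomainName }

        # $Context is not referenced again in this function; the call is kept
        # because it may surface a bad domain or credential before any lookup
        # (presumably - confirm against New-ADSIPrincipalContext).
        $Context = New-ADSIPrincipalContext @ContextSplatting -contexttype Domain
    }
    PROCESS
    {
        TRY
        {
            # The two modes differ only in the confirmation text and the delete call.
            if ($Recursive)
            {
                $Action = "Remove Account and any child objects"
            }
            else
            {
                $Action = "Remove Account"
            }

            if ($pscmdlet.ShouldProcess("$Identity", $Action))
            {
                # The lookup stays inside ShouldProcess so -WhatIf touches nothing.
                $Account = Get-ADSIComputer -Identity $Identity @ContextSplatting

                # Without this guard a missing account surfaces as
                # "You cannot call a method on a null-valued expression",
                # which hides the fact that nothing was deleted.
                if ($null -eq $Account)
                {
                    throw "Computer account '$Identity' was not found; nothing was removed."
                }

                if ($Recursive)
                {
                    # DeleteTree() on the underlying object removes the computer
                    # object together with everything beneath it.
                    $Account.GetUnderlyingObject().deletetree()
                }
                else
                {
                    $Account.delete()
                }
            }
        }
        CATCH
        {
            # Re-emit the caught record itself: it keeps the original exception,
            # category and target, which passing $Error[0] positionally (bound to
            # -Message as a string) discards. Still non-terminating, as before.
            Write-Error -ErrorRecord $_
        }
    }
}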