Public/Remove-ADSIUser.ps1

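function Remove-ADSIUser
{
<#
.SYNOPSIS
 Function to delete a User Account

.DESCRIPTION
 Deletes a User Account from the directory.

 The account is looked up with Get-ADSIUser and then deleted, either on its own
 (default) or together with every child object below it (-Recursive).
 The function supports -WhatIf and -Confirm; run it with -WhatIf first to see
 which identity would be removed.

.PARAMETER Identity
 Specifies the Identity of the User.

 You can provide one of the following properties
  DistinguishedName
  Guid
  Name
  SamAccountName
  Sid
  UserPrincipalName

 Those properties come from the following enumeration:
  System.DirectoryServices.AccountManagement.IdentityType

.PARAMETER Credential
 Specifies the alternative credential to use.
 By default it will use the current user windows credentials.

.PARAMETER DomainName
 Specifies the alternative Domain.
 By default it will use the current domain.

.PARAMETER Recursive
 Specifies that any child object should be deleted as well.
 Typically you would use this parameter if you get the error
 "The directory service can perform the requested operation only on a leaf object"
 when you try to delete the object without the -Recursive param.

 Typically used when you have Exchange/ActiveSync in your domain, where some users happen to have child items.

.EXAMPLE
 Remove-ADSIUser -identity fxtest02

 This command will Remove the account fxtest02 from the current domain

.EXAMPLE
 Remove-ADSIUser -identity fxtest02 -whatif

 This command will emulate removing the account fxtest02

.EXAMPLE
 Remove-ADSIUser -identity fxtest02 -credential (Get-Credential)

 This command will Remove the account fxtest02 using the alternative credential specified

.EXAMPLE
 Remove-ADSIUser -identity fxtest02 -credential (Get-Credential) -domain LazyWinAdmin.local

 This command will Remove the account fxtest02 using the alternative credential specified in the domain lazywinadmin.local

.EXAMPLE
 Remove-ADSIUser -identity fxtest02 -recursive

 This command will Remove the account fxtest02 and all the child objects.

.NOTES
 Francois-Xavier.Cat
 LazyWinAdmin.com
 @lazywinadm
 github.com/lazywinadmin

.LINK
 https://msdn.microsoft.com/en-us/library/System.DirectoryServices.AccountManagement.UserPrincipal(v=vs.110).aspx
#>

    # NOTE(review): no ConfirmImpact is declared, so with the default
    # $ConfirmPreference the deletion runs without a prompt unless -Confirm is
    # passed. ConfirmImpact = 'High' would suit a destructive cmdlet, but it is
    # left unchanged here because existing unattended callers would start prompting.
    [CmdletBinding(SupportsShouldProcess = $true)]
    PARAM (
        [parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ValueFromPipeline = $true)]
        $Identity,

        [Alias("RunAs")]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty,

        [String]$DomainName,

        [Switch]$Recursive
    )

    BEGIN
    {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement

        # Forward only the connection parameters the caller actually supplied
        $ContextSplatting = @{ }
        IF ($PSBoundParameters['Credential']) { $ContextSplatting.Credential = $Credential }
        IF ($PSBoundParameters['DomainName']) { $ContextSplatting.DomainName = $DomainName }

        # NOTE(review): $Context is not read anywhere below; Get-ADSIUser gets the
        # credential/domain through the splat. The call is kept so that a context
        # that cannot be created still fails here, before any account is touched.
        $Context = New-ADSIPrincipalContext @ContextSplatting -contexttype Domain
    }
    PROCESS
    {
        TRY
        {
            # -Recursive:$false is bound but falsy, so it takes the single-object path
            $DeleteTree = [bool]$PSBoundParameters['Recursive']
            $Action = if ($DeleteTree) { "Remove Account and any child objects" } else { "Remove Account" }

            if ($pscmdlet.ShouldProcess("$Identity", $Action))
            {
                $User = Get-ADSIUser -Identity $Identity @ContextSplatting

                # Without this check a missing account surfaces as
                # "You cannot call a method on a null-valued expression"
                if ($null -eq $User)
                {
                    throw "Remove-ADSIUser: no user account found for identity '$Identity'; nothing was deleted."
                }

                # Get-ADSIUser is defined elsewhere; if it ever returned several
                # objects, member enumeration would delete every one of them.
                # Refuse instead of deleting accounts the caller did not name.
                if (@($User).Count -gt 1)
                {
                    throw "Remove-ADSIUser: identity '$Identity' matched $(@($User).Count) accounts; nothing was deleted."
                }

                if ($DeleteTree)
                {
                    Write-Verbose -Message "Deleting user '$Identity' and its child objects"
                    # DeleteTree is called on the underlying directory object because
                    # Delete() on the principal fails when the account has children
                    $User.GetUnderlyingObject().deletetree()
                }
                else
                {
                    Write-Verbose -Message "Deleting user '$Identity'"
                    $User.Delete()
                }
            }
        }
        CATCH
        {
            # Report the error that was actually caught ($_), keeping the original
            # error record, rather than whatever happens to sit at $Error[0]
            $pscmdlet.WriteError($_)
        }
    }
}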