Le0Getz
Contributor

Horizon View Instant Clone ITXXXXXX AD machines

We have so many of these machine accounts in AD. Is there an easy way to clean them up? Right now I look at the active CP-templates and delete all the machine accounts that are linked to non-existing cp-templates... We are still on View 7.12, BTW.

0 Kudos
3 Replies
tschern
Contributor

I would recommend using a PowerShell script with the PowerCLI and ActiveDirectory modules to help automate this, if you can.

Something like what I've got below is what I've used in the past, when things get messy. My script would be simpler if the DNS name showed up on the cp-templates, but it often doesn't for my environment. 

 

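# assumes the ActiveDirectory and VMware PowerCLI modules are available
# and that Connect-VIServer has already been run against the vCenter
# get all current cp-templates in vCenter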

$cp_templates = @(Get-Folder -Name "ClonePrepInternalTemplateFolder" | Get-VM)

# get all AD computer objects within the OUs, including child OUs.
# the filter looks for the "IT" naming convention as well as the default text description added

$ad_objects = @(Get-ADComputer -Filter 'Name -like "it*" -and Description -like "Internal Template account.*"' -Properties Description -SearchBase "OU=Horizon,DC=some,DC=company,DC=com" -SearchScope Subtree)

# for each AD object, check it against what's in vCenter.  
# if there's not a match for the current object, then it can be deleted from AD

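foreach($ad_object in $ad_objects) {

    # reset per AD object so a stale value is never reused when the inner loop does not run
    $match = $false
    foreach($cp_template in $cp_templates) {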
        $match = $ad_object.Description.Contains($cp_template.Name)
        if ($match) {
            break
        }
    }

    if(!$match) {
      Remove-ADComputer -Identity $ad_object
    }
}

 

 

gorntor
Contributor

I have several (40!) sites I need to do this on. I tried to make it portable by pulling the OU path that I wanted from each site, but I can't get the variable passed to the -SearchBase function. Any ideas?

 

$cp_templates = @(Get-Folder -Name "ClonePrepInternalTemplateFolder" | Get-VM)
$MyOU = @(Get-ADOrganizationalUnit -Filter 'Name -like "MY_OU*"' | FT Name, DistinguishedName -A
# get all AD computer objects within the OUs, including child OUs.
# the filter looks for the "IT" naming convention as well as the default text description added
$ad_objects = @(Get-ADComputer -Filter 'Name -like "it*" -and Description -like "Internal Template account.*"' -Properties Description -SearchBase $MyOU -SearchScope Subtree)

 

Get-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'SearchBase'. Specified method is not supported.

0 Kudos
tschern
Contributor

Looks like you're trying to pass the whole array to the "SearchBase" parameter, which requires a string type.

Instead of doing that, you can iterate through the $MyOUs array with another loop, which will let you get the computer objects from each OU. You'd also want to change to using an ArrayList or similar collection like in this example. This will let you add to $ad_objects dynamically.

$MyOUs = @(Get-ADOrganizationalUnit -Filter 'Name -like "VDI*"')
[System.Collections.ArrayList]$ad_objects = @()

foreach($OU in $MyOUs) {
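    # AddRange appends each computer object individually; Add would store the whole result set as one nested element
    $ad_objects.AddRange(@(Get-ADComputer -Filter 'Name -like "it*" -and Description -like "Internal Template account.*"' -Properties Description -SearchBase $OU.DistinguishedName -SearchScope Subtree))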
}

 

0 Kudos
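
The cleanup discussed in this thread, as an added example that is not any poster's script: it combines the cp-template comparison with the per-OU loop, refuses to continue when vCenter returns no cp-templates (which would otherwise mark every matching account as orphaned), and supports a `-WhatIf` dry run. The function name, its parameters, the `VDI*` default and the CSV path are assumptions.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory and PowerCLI
# modules and an existing Connect-VIServer session. Function name, parameters,
# the 'VDI*' default and the CSV path are hypothetical.
function Remove-OrphanedCpTemplateAccount {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [string]$OuNameFilter = 'VDI*',
        [string]$ReportPath = '.\orphaned-cp-template-accounts.csv'
    )

    # Names of the cp-templates that still exist in vCenter.
    $templateNames = @(Get-Folder -Name 'ClonePrepInternalTemplateFolder' -ErrorAction Stop |
        Get-VM | Select-Object -ExpandProperty Name)

    # An empty list usually means a failed or wrong vCenter connection; without
    # this guard every matching AD account would be treated as orphaned.
    if ($templateNames.Count -eq 0) {
        throw 'No cp-templates returned from vCenter; refusing to evaluate AD accounts.'
    }

    $filter = 'Name -like "it*" -and Description -like "Internal Template account.*"'
    $orphans = @(foreach ($ou in Get-ADOrganizationalUnit -Filter "Name -like '$OuNameFilter'") {
        Get-ADComputer -Filter $filter -Properties Description `
            -SearchBase $ou.DistinguishedName -SearchScope Subtree |
            Where-Object {
                $desc = $_.Description
                -not ($templateNames | Where-Object { $desc.Contains($_) })
            }
    })
    # A matching OU nested inside another matching OU is searched twice.
    $orphans = @($orphans | Sort-Object DistinguishedName -Unique)

    # Record the candidates even on a dry run (-WhatIf would otherwise skip the file).
    $orphans | Select-Object Name, DistinguishedName, Description |
        Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

    foreach ($computer in $orphans) {
        if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, 'Remove-ADComputer')) {
            Remove-ADComputer -Identity $computer -Confirm:$false
        }
    }
    $orphans
}

# Dry run: writes the CSV and lists what would be removed; deletes nothing.
Remove-OrphanedCpTemplateAccount -WhatIf
```

Without `-WhatIf`, each removal prompts for confirmation because the function declares a high confirm impact.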