I'm using this script to remove LDAP users and LDAP configurations, but it seems to have some issues. I can get it to work for some orgs but not for other orgs. Please point out if something is not correct.
$users = Get-CIUser -org $myOrg
for ($userno = 0; $userno -le ($users.length - 1); $userno += 1) {
    $user=$users[$userno]
    $username = $user.Name
    write-host $userno $user.org, $username, $user.isldapuser, $user.email
    if ($user.isldapuser -and $user.External) {
        $username=$user.Name
        write-host "deleting LDAP users, $username"
        $user.ExtensionData.Delete()
        Write-host ", deleted"
    }
}
$myorg.ExtensionData.Settings.OrgLdapSettings.OrgLdapMode="NONE"
$myorg.ExtensionData.UpdateServerData()
Did you disable him?
Did you transfer ownership (takeOwnership) of all inventory items to another person (HDDs, VMs, etc.)?
I am using Invoke-vCloud.psm1 to delete and take ownership via the API.
https://www.powershellgallery.com/packages/Invoke-vCloud/1.2.0/Content/Invoke-vCloud.psm1
if ( $user.ExtensionData.IsExternal.ToString() -eq 'False' ) {
    write-host "local User ..."
    $UserID = $user.ExtensionData.id -replace 'urn:vcloud:user:'
    (Invoke-vCloud -vCloudToken $Global:vCDToken -uri $Global:vcdURL/admin/user/$($UserID) -Method GET).user
    write-host take ownership ...
    (Invoke-vCloud -vCloudToken $Global:vCDToken -uri $Global:vcdURL/admin/user/$($UserID)/action/takeOwnership -Method POST).user
    write-host $UserID go to hell ...
    (Invoke-vCloud -vCloudToken $Global:vCDToken -uri $Global:vcdURL/admin/user/$($UserID) -Method DELETE).user
    write-host $UserID go to hell ...
    $user = ""
}
I hope it helps you; if so, please let me know.
Hello.
You can do so.
I recommend testing before use.
$OrgName = "Test_org"
# Get Org "Test_org".
$Org = Search-Cloud -QueryType Organization -Filter "Name==$($OrgName)"
# Get Users Org "Test_org", IsLdapUser match True.
$Users = Search-Cloud -QueryType adminUser -Filter "IsLdapUser==True;Org==$($Org.id)" | Get-ciview
foreach ($User in $Users) {
    # If User IsExternal match True.
    If ($User.IsExternal) {
        write-host "Deleting LDAP users, $($User.name)."
        $User.Delete()
    }
}
$OrgView = $Org | Get-ciview
$OrgView.GetSettings().GetLdap().OrgLdapMode = "NONE"
$OrgView.GetSettings().GetLdap().UpdateServerData()
I got no change in the LDAP mode.
PS C:\Windows> $OrgView = $myOrg | Get-ciview
$OrgView.GetSettings().GetLdap().OrgLdapMode = "NONE"
$OrgView.GetSettings().GetLdap().UpdateServerData()
CustomUsersOu :
OrgLdapMode : CUSTOM
CustomOrgLdapSettings : VMware.VimAutomation.Cloud.Views.CustomOrgLdapSettings
Client : VMware.VimAutomation.Cloud.Views.CloudClient
Href : https://rsaengbdvcd1.rsa.lab.emc.com/api/admin/org/bfc695e9-11ac-439b-8533-d3481ca78762/settings/lda...
Type : application/vnd.vmware.admin.organizationLdapSettings+xml
Link : {, , , ...}
AnyAttr :
VCloudExtension :
Hi, sorry for the late reply. I was busy with other stuff.
I did not find a disable-user cmdlet, and the user's resources are vApps, templates, media, catalogs, ...
I'm new to PowerCLI and will try Invoke-vCloud later and then give you feedback.
And thanks.
Hi.
Try this option. It works in my test environment.
$OrgName = "Test_org"
$Org = Search-Cloud -QueryType Organization -Filter "Name==$($OrgName)"
$OrgView = $Org | Get-ciview
$OrgView.Settings.OrgLdapSettings.OrgLdapMode = "NONE"
$OrgView.UpdateServerData()
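
Added example, not part of any post in this thread: the user cleanup and the LDAP mode change from the replies above combined into one function, with a dry-run switch and a read-back check that catches the "no change" result reported earlier. The function name `Remove-OrgLdap` and its parameters are hypothetical, and an already connected `Connect-CIServer` session is assumed; the cmdlets and view members are the ones used in the thread.

```powershell
# Added example. Remove-OrgLdap, $OrgName and $DryRun are hypothetical names.
# Assumes an existing Connect-CIServer session with sufficient rights.
function Remove-OrgLdap {
    param(
        [Parameter(Mandatory)] [string] $OrgName,
        [switch] $DryRun          # report only, change nothing
    )

    $Org = Search-Cloud -QueryType Organization -Filter "Name==$OrgName"
    if (-not $Org) { throw "Org '$OrgName' not found." }

    # LDAP-backed accounts in this org (same query as in the thread).
    $Users = Search-Cloud -QueryType AdminUser `
                 -Filter "IsLdapUser==True;Org==$($Org.Id)" | Get-CIView

    foreach ($User in $Users) {
        if (-not $User.IsExternal) { continue }
        if ($DryRun) {
            Write-Host "Would delete LDAP user $($User.Name)"
            continue
        }
        try {
            $User.Delete()
            Write-Host "Deleted LDAP user $($User.Name)"
        } catch {
            # Possible cause raised in the thread: the user still owns
            # vApps, media or catalogs (assumption, not verified here).
            Write-Warning "Could not delete $($User.Name): $($_.Exception.Message)"
        }
    }

    if ($DryRun) { return }

    # Change the mode on ONE view object and push that same object back.
    $OrgView = $Org | Get-CIView
    $OrgView.Settings.OrgLdapSettings.OrgLdapMode = "NONE"
    $OrgView.UpdateServerData()

    # Read the setting back from the server instead of trusting the local copy.
    $Mode = ($Org | Get-CIView).GetSettings().GetLdap().OrgLdapMode
    if ($Mode -ne "NONE") { throw "OrgLdapMode is still '$Mode' for $OrgName." }
    Write-Host "OrgLdapMode for $OrgName is now $Mode"
}
```

Run it first with `-DryRun` against a test org to see which accounts would be removed before making any change.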