PowerCLI scripts to remove LDAP users and configur...

lu621 · ‎03-08-2022

I'm using this scripts to remove LDAP users and LDAP configurations but it seems have some issues. I can got it for some orgs but not for other orgs. Please point me if something not correct.

$users = Get-CIUser -org $myOrg
for ($userno = 0; $userno -le ($users.length - 1); $userno += 1) {
$user=$users[$userno]
$username = $user.Name
write-host $userno $user.org, $username, $user.isldapuser, $user.email
if ($user.isldapuser -and $user.External) {
$username=$user.Name
write-host "deleting LDAP users, $username"
$user.ExtensionData.Delete()
Write-host ", deleted"
}
}
$myorg.ExtensionData.Settings.OrgLdapSettings.OrgLdapMode="NONE"
$myorg.ExtensionData.UpdateServerData()

moellerjot · ‎03-08-2022

Do you disabled him?
Do you takeOwnership of all Inventory Items to another Person? (hdd, vms etc?)

I am using Invoke-vCloud.psm1 to delete and take Ownership via API.
https://www.powershellgallery.com/packages/Invoke-vCloud/1.2.0/Content/Invoke-vCloud.psm1

   if ( $user.ExtensionData.IsExternal.ToString() -eq 'False' ) {
      write-host "local User ..."
      $UserID = $user.ExtensionData.id  -replace 'urn:vcloud:user:'
      (Invoke-vCloud -vCloudToken $Global:vCDToken -uri $Global:vcdURL/admin/user/$($UserID) -Method GET).user
      write-host take ownership ...
      (Invoke-vCloud -vCloudToken $Global:vCDToken -uri $Global:vcdURL/admin/user/$($UserID)/action/takeOwnership -Method POST).user
      write-host $UserID go to hell ...
      (Invoke-vCloud -vCloudToken $Global:vCDToken -uri $Global:vcdURL/admin/user/$($UserID) -Method DELETE).user
      write-host $UserID go to hell ...
      $user = ""
   }

I hope, it helps you, if so please let me know.

Macleud · ‎03-12-2022

Hello.

You can do so.

I recommend testing before use.

$OrgName = "Test_org"
# Get Org "Test_org".
$Org = Search-Cloud -QueryType Organization -Filter "Name==$($OrgName)"
# Get Users Org "Test_org", IsLdapUser match True.
$Users = Search-Cloud -QueryType adminUser -Filter "IsLdapUser==True;Org==$($Org.id)" | Get-ciview

foreach ($User in $Users) {
# If User IsExternal match True.
If ($User.IsExternal) {
write-host "Deleting LDAP users, $($User.name)."
$User.Delete()
}
}
$OrgView = $Org | Get-ciview

$OrgView.GetSettings().GetLdap().OrgLdapMode = "NONE"
$OrgView.GetSettings().GetLdap().UpdateServerData()

luu621 · ‎06-13-2022

I got LDAP mode no change.

PS C:\Windows> $OrgView = $myOrg | Get-ciview
$OrgView.GetSettings().GetLdap().OrgLdapMode = "NONE"
$OrgView.GetSettings().GetLdap().UpdateServerData()

CustomUsersOu :
OrgLdapMode : CUSTOM
CustomOrgLdapSettings : VMware.VimAutomation.Cloud.Views.CustomOrgLdapSettings
Client : VMware.VimAutomation.Cloud.Views.CloudClient
Href : https://rsaengbdvcd1.rsa.lab.emc.com/api/admin/org/bfc695e9-11ac-439b-8533-d3481ca78762/settings/lda...
Type : application/vnd.vmware.admin.organizationLdapSettings+xml
Link : {, , , ...}
AnyAttr :
VCloudExtension :

luu621 · ‎06-13-2022

Hi, Sorry for the late. busy for other staff.

I did not find disable user comlet and user's resource are vApps, templates, medias, catalogs,..

and I'm newer to PowerCLI and will try the Invoke-vCloud later and then give you feedback.

And thanks

Macleud · ‎06-18-2022

Hi.

Try this option. It works in my test environment.

$OrgName = "Test_org"
$Org = Search-Cloud -QueryType Organization -Filter "Name==$($OrgName)"

$OrgView = $Org | Get-ciview

$OrgView.Settings.OrgLdapSettings.OrgLdapMode = "NONE"

$OrgView.UpdateServerData()

All

PowerCLI scripts to remove LDAP users and configuration in vCloud Director orgs