Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
################################################################################
# DeleteADUsers.sh
#
# Created by Steve Dagley 2017-03-01
#
# Script to delete AD users accounts
# Requires Mac OS X 10.10 or newer and Casper/Jamf Pro enrolled machine for jamfHelper binary
# If run as root, deletes all AD accounts, so can be used via Policy to "clean" lab machines
# If user is logged in, asks to verify login ID and will not delete that account
################################################################################
adusers=$(dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}')
currentuser=$(stat -f "%Su" /dev/console)
response="2" # Presume confirmation failure
if [[ “$currentuser" != "root" ]]; then
# If we're not root, ask user to verify their login ID
response=$(/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "Verify login ID" -heading "Verify login ID" -description "Please verify that $currentuser is your login ID" -button1 "That's Me" -button2 "Not Me")
if [ "$response" != "0" ]; then
echo "Did not get confirmation from user, no accounts will be deleted"
fi
else
echo "Running as root, so all AD accounts will be deleted"
response="0" # Always set confirmation response when root
fi
if [ "$response" == "0" ]; then
echo "Deleting AD user accounts..."
for user in $adusers ; do
if [ "$user" != "$currentuser" ]; then
/usr/sbin/sysadminctl -deleteUser "$user"
echo "$user deleted"
fi
done
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment