How to clean up devices deleted from AD via PowerShell in ConfigMgr 2012 SP1

I am not a real scripting guy, but for one of my customers I wrote a PowerShell script that deletes devices from Configuration Manager 2012 SP1 when they have been deleted from Active Directory. This way the customer is able to keep its Configuration Manager database clean and up to date. With the release of Service Pack 1 for Configuration Manager you can use real Configuration Manager cmdlets instead of connecting through WMI to your Configuration Manager 2012 site. Scripting has become easy ;)

The script checks, for every device in the All Systems collection, whether it is still available in Active Directory, and it deletes devices that comply with the following rules:

  • The device is available in ConfigMgr but not in Active Directory
  • The device is not a member of a Workgroup
  • The device is not a mobile device
  • The device is not manually imported for Operating System Deployment

Before you can use the script you need to configure some variables; you can find these just beneath the comments in the header of the script:

  • $sitecode = "<sitecode>:" (for example, $sitecode = "PS1:")
  • $installdrive = "<ConfigMgr Admin Console installation>" (for example, $installdrive = "C:")
  • $loglocation = "<loglocation>" (for example, $loglocation = "D:\Logfiles")
  • $localdomain = "<domainname>" (for example, $localdomain = "ConfigMgrLab")

Prerequisites to use this script are:

  • PowerShell 3.0 (x86)
  • System Center 2012 Configuration Manager SP1
  • Active Directory Module for Windows PowerShell

The script RemoveDeletedDevicesFromConfigMgr2012SP1.ps1 uses the cmdlet Get-CMDevice to retrieve the information about the devices from Configuration Manager. After checking whether the device is available in Active Directory, part of a workgroup, part of another domain or a mobile device, the script uses the Remove-CMDevice cmdlet to remove the device from Configuration Manager. Together with the log function of fellow Configuration Manager MVP Kaido Järvemets (http://www.cm12sdk.net), the script also logs whether a device is deleted or why a device is preserved. The script checks each device in Configuration Manager and reports back which devices do not have an account in the Active Directory domain you configured.
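The rules above as a dry-run example added here; it is not the downloadable script. The function name Get-CleanupDecision, the sample devices and their field names (Name, Domain, IsMobile, ManuallyImported), and the 25% guard threshold are assumptions made for illustration, and nothing is deleted.

```powershell
# Added example: dry run of the preservation rules; nothing is deleted.
# Device field names below are hypothetical, not Get-CMDevice properties.
$localdomain = 'ConfigMgrLab'

function Get-CleanupDecision {
    param($Device, [string[]] $AdNames)
    # Every preservation rule is checked before the AD lookup result is used.
    $reason = if ($Device.IsMobile) {
        'Preserved: mobile device'
    } elseif ($Device.ManuallyImported) {
        'Preserved: manually imported for OSD'
    } elseif ($Device.Domain -ne $localdomain) {
        'Preserved: workgroup or other domain'
    } elseif ($AdNames -contains $Device.Name) {   # -contains is case-insensitive
        'Preserved: found in Active Directory'
    } else {
        'Delete: not found in Active Directory'
    }
    [pscustomobject]@{
        Name   = $Device.Name
        Delete = $reason.StartsWith('Delete')
        Reason = $reason
    }
}

# Constructed sample data standing in for the ConfigMgr device list and AD names
$devices = @(
    [pscustomobject]@{ Name='PC001';  Domain='ConfigMgrLab'; IsMobile=$false; ManuallyImported=$false }
    [pscustomobject]@{ Name='PC002';  Domain='ConfigMgrLab'; IsMobile=$false; ManuallyImported=$false }
    [pscustomobject]@{ Name='KIOSK1'; Domain='WORKGROUP';    IsMobile=$false; ManuallyImported=$false }
    [pscustomobject]@{ Name='PHONE1'; Domain='';             IsMobile=$true;  ManuallyImported=$false }
    [pscustomobject]@{ Name='NEWPC';  Domain='';             IsMobile=$false; ManuallyImported=$true  }
)
$adNames = @('pc001')   # constructed: PC002 no longer has an AD account

$results = $devices | ForEach-Object { Get-CleanupDecision -Device $_ -AdNames $adNames }
$results | Format-Table -AutoSize

# Guard (assumed 25% threshold): an empty AD result would flag every domain device.
$toDelete = @($results | Where-Object { $_.Delete })
if (($toDelete.Count / $devices.Count) -gt 0.25) {
    Write-Warning "Refusing to continue: $($toDelete.Count) of $($devices.Count) devices flagged."
} else {
    # A real run would pass these names to the removal step here.
    $toDelete | ForEach-Object { "Would delete: $($_.Name)" }
}
```

Setting `$adNames` to an empty array shows the guard tripping, which is the failure mode to rule out before scheduling an unattended cleanup.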

Log output of the script

Please let me know what you think. You can download the script here (http://gallery.technet.microsoft.com/Cleanup-in-AD-deleted-b80e452d).

When scheduling this script, be sure that the account you are using has permission to delete a device from the All Systems collection in Configuration Manager.

The script is provided “AS IS” with no warranties.

 

Comments

I can’t get this to work. The log files return that the two machines I’m testing against have been removed, though the devices (workstations) in question still appear in the console. Running a query on the CM databases returns the two machines as well.
Running SCCM 2012 R2.

Peter Daalmans

Hi Bill,

What variables did you configure?

Cheers,
Peter
