The If($? –and $Null –ne $Servers) is a habit ingrained by having MBS as a mentor. Always error check.
In my lab, it takes about 10 seconds to delete each anon account. That could mean about 2.5 minutes per server * 350 servers or a long time. Thanks Webster From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Devin Rich Sent: Tuesday, May 3, 2016 8:29 AM To: powersh...@lists.myitforum.com Subject: Re: [powershell] delete 15 local accounts from 350 servers Personally, I would change this line: $Servers = Get-XAServer -ea 0 | Select ServerName | Sort ServerName to $Servers = Get-XAServer -ea 0 | Select -Expand ServerName | Sort And then change $($Server.Servername) to $Server OR, you will need to change $ADSIComp = [adsi]"WinNT://$Server" to $ADSIComp = [adsi]"WinNT://$($Server.ServerName)" Next, I would change your $AnonAccounts to an array by removing the {} around all of the account names. I'm not sure the exact purpose of the if ($?... statement. I normally just get the list of $Servers and do my foreach on them. If they don't exist, then it will not even try to do anything (But I don't know what the output from Get-XAServer looks like; you may well need that if). Barring those few things, I don't see any obvious syntax that needs changed. I would suggest that you have some better logging too. Personally, I would make the script after it has deleted the user accounts for each machine list all local accounts on that machine. Then you can take that list of all user accounts on all machines and do a $Users -match "Anon" and see if for any reason some anon accounts remain that probably should be deleted. That's just a personal preference from me though. I would definitely do some unit testing on your code in your own environment before you try it out on theirs... Good luck! Thanks, Devin Rich Systems Administrator On Tue, May 3, 2016 at 6:42 AM, Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: Even if you tell the installer not to do so, the installer for XenApp 6.5 creates 15 anonymous accounts. A customer wants those accounts deleted. I found this article https://mcpmag.com/articles/2015/05/07/local-user-accounts-with-powershell.aspx and based the script on their snippet: Deleting an Account Deleting a user account can be accomplished in a similar manner that we took to create an account. By using the ADSI WinNT provider we will connect to the system and then instead of using Create() to build an account, we will make use of Delete() instead. The Delete method takes arguments similar to what Create took. We supply the schema type of User and the username of the account. $Computername = $env:COMPUTERNAME $ADSIComp = [adsi]"WinNT://$Computername" $ADSIComp.Delete('User','TestProx') The main part of my script is: add-pssnapin Citrix.XenApp.Commands $Servers = Get-XAServer -ea 0 | Select ServerName | Sort ServerName If($? –and $Null –ne $Servers) { $AnonAccounts = {"Anon000","Anon001","Anon002","Anon003","Anon004", "Anon005","Anon006","Anon007","Anon008","Anon009", "Anon010","Anon011","Anon012","Anon013","Anon014"} ForEach($Server in $Servers) { Write-Host "Processing server $($Server.ServerName)" $ADSIComp = [adsi]"WinNT://$Server" ForEach($AnonAccount in $AnonAccounts) { $ADSIComp.Delete('User',"$($AnonAccount)") } } } Does that look like it will delete those accounts on the remote servers? Thanks Webster The information contained in this message is privileged, confidential, and protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, printing, dissemination, distribution, copying or other use of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
