I am not a real scripting guy, but for one of my customers I wrote a PowerShell script that deletes devices from Configuration Manager 2012 SP1 that have been deleted from Active Directory. This way the customer is able to keep its Configuration Manager database clean and up to date. With the release of Service Pack 1 for Configuration Manager you can use real Configuration Manager cmdlets instead of connecting through WMI to your Configuration Manager 2012 site. Scripting has become easy 😉
The script checks, for every device in the All Systems collection, whether it is still available in Active Directory, and it deletes devices that comply with the following rules:
- The device is available in ConfigMgr but not in Active Directory
- The device is not a member of a Workgroup
- The device is not a mobile device
- The device is not manually imported for Operating System Deployment
Before you can use the script you need to configure some variables; you can find these just beneath the comments in the header of the script:
- $sitecode = "<sitecode>:", for example $sitecode = "PS1:"
- $installdrive = "<ConfigMgr Admin Console installation>", for example $installdrive = "C:"
- $loglocation = "<loglocation>", for example $loglocation = "D:\Logfiles"
- $localdomain = "<domainname>", for example $localdomain = "ConfigMgrLab"
Prerequisites to use this script are:
- PowerShell 3.0 (x86)
- System Center 2012 Configuration Manager 2012 SP1
- Active Directory Module for Windows PowerShell
The script RemoveDeletedDevicesFromConfigMgr2012SP1.ps1 uses the cmdlet Get-CMDevice to retrieve the information about the devices from Configuration Manager. After checking whether the device is available in Active Directory, part of a workgroup, part of another domain or a mobile device, the Remove-CMDevice cmdlet is used to remove the device from Configuration Manager. Together with the log function of fellow Configuration Manager MVP Kaido Järvemets (http://www.cm12sdk.net), the script also logs whether a device is deleted or why a device is preserved. The script checks each device in Configuration Manager and reports back which devices do not have an account in the Active Directory you configured.
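The decision rules described above, as an added example (this is not the code of RemoveDeletedDevicesFromConfigMgr2012SP1.ps1): a dry-run classifier over constructed device records. The record fields, the `$adLookup` stub and the `$maxDeletes` cap are assumptions, and the example goes beyond the listed rules by keeping a device whenever the Active Directory query itself fails.

```powershell
# Added example. Record fields (Name, Domain, IsMobile, ManuallyImported) are
# assumptions, not the property names returned by Get-CMDevice.
function New-Decision($Name, $Action, $Reason) {
    [pscustomobject]@{ Name = $Name; Action = $Action; Reason = $Reason }
}

function Get-CleanupDecision {
    param($Device, [string]$LocalDomain, [scriptblock]$AdLookup)
    if ($Device.IsMobile)         { return New-Decision $Device.Name 'Keep' 'mobile device' }
    if ($Device.ManuallyImported) { return New-Decision $Device.Name 'Keep' 'imported for OSD' }
    if ($Device.Domain -ne $LocalDomain) {
        return New-Decision $Device.Name 'Keep' "workgroup or other domain ($($Device.Domain))"
    }
    try {
        $inAd = & $AdLookup $Device.Name
    } catch {
        # A failed query is not proof of absence: never delete on error.
        return New-Decision $Device.Name 'Keep' "AD lookup failed: $($_.Exception.Message)"
    }
    if ($inAd) { return New-Decision $Device.Name 'Keep' 'found in AD' }
    New-Decision $Device.Name 'Delete' 'not found in AD'
}

# Constructed sample records; a real run would build them from Get-CMDevice output.
$devices = @(
    [pscustomobject]@{ Name='PC001';  Domain='ConfigMgrLab'; IsMobile=$false; ManuallyImported=$false }
    [pscustomobject]@{ Name='PC002';  Domain='ConfigMgrLab'; IsMobile=$false; ManuallyImported=$false }
    [pscustomobject]@{ Name='KIOSK1'; Domain='WORKGROUP';    IsMobile=$false; ManuallyImported=$false }
    [pscustomobject]@{ Name='PHONE1'; Domain='ConfigMgrLab'; IsMobile=$true;  ManuallyImported=$false }
    [pscustomobject]@{ Name='PC003';  Domain='ConfigMgrLab'; IsMobile=$false; ManuallyImported=$false }
)

# Stub standing in for an Active Directory query (constructed behaviour):
# PC001 exists, PC002 does not, PC003 simulates an unreachable domain controller.
$adLookup = {
    param($name)
    if ($name -eq 'PC003') { throw 'domain controller unreachable' }
    $name -eq 'PC001'
}

$maxDeletes = 1   # hypothetical safety cap for one run
$plan = $devices | ForEach-Object {
    Get-CleanupDecision -Device $_ -LocalDomain 'ConfigMgrLab' -AdLookup $adLookup
}
$toDelete = @($plan | Where-Object { $_.Action -eq 'Delete' })
if ($toDelete.Count -gt $maxDeletes) {
    throw "Refusing to delete $($toDelete.Count) devices (cap is $maxDeletes)"
}
$plan | Format-Table -AutoSize   # review before handing Delete rows to Remove-CMDevice
```

In a production version the stub would wrap Get-ADComputer and return false only when the cmdlet reports that the identity does not exist; any other error should propagate so the device is kept.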
Please let me know what you think; you can download the script here (http://gallery.technet.microsoft.com/Cleanup-in-AD-deleted-b80e452d).
When scheduling this script, be sure that the account you are using has the permission to delete a device from the All Systems collection in Configuration Manager.
The script is provided “AS IS” with no warranties.
I can’t get this to work. The log files return that the two machines I’m testing against have been removed, though the devices (workstations) in question still appear in the console. Running a query on the CM databases returns the two machines as well.
Running SCCM 2012 R2.
Hi Bill,
What variables did you configure?
Cheers,
Peter
The Remove-CMDevice is commented out in the version I downloaded from the Gallery. You may need to remove the “#” from in front of the Remove-CMDevice line.
true
Did you ever get this resolved? I am having the same issue.
Did you remove the # in front of remove-cmdevice? Removing the # will allow you to actually delete the records.
I have a similar issue as above. The only variables that I configured in the script were the Sitecode, loglocation and localdomain. It says that it removed about 20 systems but they still show up in the console.
Hi Peter,
I’m trying to use your script on our environment with no success.
I’ve not removed the comment on the line that deletes the computers, I want to get a list first to check if it’s working, but I don’t get a log file.
The script runs, I get no error messages but no log file, nothing at all. 🙁
Did some changes to see if I could get it to work, like getting the computer collection instead of all systems, but still nothing.
I’m running a 2k8 R2 server with SCCM 2012 SP1 and the Powershell (x86). I’ve set my system to US region just in case.
Thanks in advance for your help.
Regards,
SR
Hi Sergio, what parameters did you configure?
The script does work for me. I have the following variables defined:
$sitecode = "CM1:"
$installdrive = "C:"
$loglocation = "C:\Program Files\Microsoft Configuration Manager\Logs"
$localdomain = "xxxx.xxx"
$maxdevices = 200
The script runs and then without error it changes the directory to CM1.
PS C:\> ./RemoveDeletedDevicesFromConfigMgr2012SP1_v0_3.ps1
PS CM1:\>
Thank you for sharing this script!
In our environment we disable old computers and move them to an OU for disabled computers instead of deleting them.
What should I change in the script to also clean up disabled computers from SCCM?
I have used the script in the past but for some reason I can’t get it to work with ConfigMgr 2012 R2 CU3. We had it running at another client without any issues. The only thing I am running into are some of the PowerShell commands changed with CU3 so I am wondering if it is the reason this script isn’t running?
Hi Peter
We have modified the variables in the script to match my domain, site code etc. When I run the script manually it works as expected, however when I run the script as a scheduled task it deletes a lot of device objects in SCCM that are still present in Active Directory.
Any ideas/ help would be appreciated. Has anyone else had the same issue?
Great script by the way!
Thanks,
Craig
Hi Craig, can you please share the script with me via peter at Daalmans.com? Thanks!
Hi Peter, love the script and thanks for putting it together. It’s working great for us with devices no longer in AD. Would it be possible to also remove devices from SCCM that are disabled in AD?
Thanks!
Phil
Never mind, managed to work it out. Here’s the code if anyone’s interested:
$rtnComp = (Get-ADComputer -Identity $comp -Properties Enabled)
if ($rtnComp.Enabled -eq $false) {
    # Cleanup
}