
I can create new users via

$userContainerPath = 'LDAP://' + $targetADDomain

$userContainer = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $userContainerPath
$proxyObject = $userContainer.Children.Add('CN=' + $sAMAccountName, 'userProxy')
$proxyObject.InvokeSet('ObjectSID', $objectSID)
$proxyObject.CommitChanges()

Unfortunately I cannot find a way to delete them.

Remove-ADUser -Identity "A00003" -server WIN-1:50000 -Partition "CN=test,DC=test,DC=com" -Confirm:$false

does not work. It tells me the user does not exist (I think it somehow is looking in AD and not AD LDS).

So I find the object I want to delete with

Get-ADObject -Filter {name -eq "A00003"} -SearchBase "CN=Users,CN=test,DC=test,DC=com" -Server "WIN-1:50000" -Properties ObjectSID

which I can see in the output when I run this line alone. But as soon as I pipe it to the delete command it says it does not exist:

Get-ADObject -Filter {name -eq "A00003"} -SearchBase "CN=Users,CN=test,DC=test,DC=com" -Server "WIN-JJ2KH3FU6AA:50000" -Properties ObjectSID | Remove-ADUser

I get the following error:

Remove-ADUser : Cannot find an object with identity: 'CN=A00003,CN=Users,CN=test,
DC=test,DC=com' under: 'CN=test,DC=test,DC=com'.
At C:\Users\Administrator\Documents\RemoveProxyLink.ps1:46 char:144
+ ... es ObjectSID | Remove-ADUser
+                    ~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (CN=A00003,CN=Us...,DC=test,DC=com:ADUser) [Remove-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.RemoveADUser

How can I delete my created users? What am I doing wrong? I can see the object but not delete it.

Ansgar Wiechers
James
  • As far as I know the AD cmdlets are only usable for Active Directory: it also requires AD Web Services (so you're not connecting directly to the LDAP service). – bluuf Jan 11 '18 at 15:31
  • This TechNet page has a C# example of how to do this, which you might be able to pare down into PS code: https://msdn.microsoft.com/en-us/library/aa772123(v=vs.85).aspx – trebleCode Jan 13 '18 at 00:57

1 Answer


As you note in your own code, objects of type "userProxyFull" cannot be manipulated with Get-ADUser or Remove-ADUser. Pipe your resulting object from Get-ADObject to Remove-ADObject.

E.g. Get-ADObject -Filter {name -eq "A00003"} -SearchBase "CN=Users,CN=test,DC=test,DC=com" -Server "WIN-JJ2KH3FU6AA:50000" | Remove-ADObject

Greg Hardt
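The following is an added example, not code from the question or the answer: a guarded wrapper around the `Get-ADObject` / `Remove-ADObject` approach that escapes the name for the LDAP filter, restricts the match to proxy object classes, and refuses to delete when the match is not unique. The function name `Remove-LdsProxyUser` and its parameter names are hypothetical; the values in the usage comment are the ones from the question.

```powershell
# Added example (hypothetical helper). Requires the ActiveDirectory module.
function Remove-LdsProxyUser {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Name,        # object name, e.g. 'A00003'
        [Parameter(Mandatory)][string]$Server,      # AD LDS instance as host:port
        [Parameter(Mandatory)][string]$Partition,   # application partition DN
        [Parameter(Mandatory)][string]$SearchBase   # container DN to search in
    )

    # Escape LDAP filter metacharacters (RFC 4515) so a name containing
    # '*' or parentheses cannot widen the search. Backslash must go first.
    $escaped = $Name.Replace('\', '\5c').Replace('*', '\2a').
                     Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')

    # Match only proxy objects, so an unrelated object that happens to
    # share the name is never selected for deletion.
    $filter = "(&(name=$escaped)(|(objectClass=userProxy)(objectClass=userProxyFull)))"

    $found = @(Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase `
                            -Server $Server -Properties objectSid, objectClass)

    if ($found.Count -eq 0) {
        Write-Warning "No proxy object named '$Name' under $SearchBase on $Server."
        return
    }
    if ($found.Count -gt 1) {
        throw "Refusing to delete: $($found.Count) proxy objects match '$Name'."
    }

    $target = $found[0]
    Write-Verbose "Matched $($target.DistinguishedName) (SID $($target.objectSid))"

    # Pass server and partition explicitly so the delete is resolved against
    # the same AD LDS instance the object was found on.
    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, 'Remove AD LDS proxy object')) {
        Remove-ADObject -Identity $target.DistinguishedName -Server $Server `
                        -Partition $Partition -Confirm:$false
    }
}

# Dry run first; drop -WhatIf to perform the deletion.
# Remove-LdsProxyUser -Name 'A00003' -Server 'WIN-JJ2KH3FU6AA:50000' `
#     -Partition 'CN=test,DC=test,DC=com' `
#     -SearchBase 'CN=Users,CN=test,DC=test,DC=com' -WhatIf -Verbose
```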