Deleting User Accounts

Microsoft® Windows® 2000 Scripting Guide

Deleting a user account object in Active Directory is the final step in the life cycle of a user account. Deleting a user account clears all of its attributes and tombstones the account in Active Directory. The object remains marked with a tombstone until the cleanup process permanently removes it. Once deleted, there is no way to recover the user account.

To delete a user account by using an ADSI script, you must use the Delete method of the IADsContainer interface. Like IADs, IADsContainer is a core interface. IADsContainer is used to create, delete, and manage objects contained inside other objects. In this case, the user account object is contained in either an OU or one of the built-in containers, such as the Users container.

Table 7.10 shows the arguments of the Delete method.

Table 7.10 Arguments of the Delete Method

| Argument | Type | Required | Default | Description |
|---|---|---|---|---|
| Class | string | Yes | None | Name of the schema class object to delete |
| Relative Distinguished Name | string | Yes | None | Value of the object's name attribute |

Scripting Steps

Listing 7.22 contains a script that deletes a user account from an OU. To carry out this task, the script performs the following steps:

  1. Bind to the OU from which the object will be deleted by using the GetObject function and the LDAP provider.

  2. Call the Delete method of the IADsContainer interface.

Listing 7.22 Deleting an Active Directory User Account

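' Bind to the OU that contains the user account.
Set objOU = GetObject("LDAP://ou=Management,dc=NA,dc=fabrikam,dc=com")
' Delete the user object identified by its relative distinguished name.
objOU.Delete "User", "cn=MyerKen"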

The user is immediately deleted from Active Directory. You do not need to call SetInfo to commit the change.
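Because the deletion takes effect immediately and cannot be undone, a script that runs against production accounts benefits from checking its target first. The following is an added example, not part of the original guide: it resolves the child object, confirms its class, and records its distinguished name and GUID before calling Delete. The OU path and RDN are the sample values from Listing 7.22; the constant and variable names are assumptions made for this illustration.

```vbscript
Option Explicit

' Sample values from Listing 7.22; constant names are illustrative.
Const OU_PATH  = "LDAP://ou=Management,dc=NA,dc=fabrikam,dc=com"
Const USER_RDN = "cn=MyerKen"

Dim objOU, objUser, strDN, strGuid

On Error Resume Next

' Step 1: bind to the container that holds the account.
Set objOU = GetObject(OU_PATH)
If Err.Number <> 0 Then
    WScript.Echo "Bind to OU failed: 0x" & Hex(Err.Number)
    WScript.Quit 1
End If

' Resolve the child first, so a mistyped RDN fails here and not at Delete.
Set objUser = objOU.GetObject("user", USER_RDN)
If Err.Number <> 0 Then
    WScript.Echo USER_RDN & " not found in OU: 0x" & Hex(Err.Number)
    WScript.Quit 1
End If

' Confirm the schema class of the resolved object before deleting it.
If LCase(objUser.Class) <> "user" Then
    WScript.Echo "Refusing to delete object of class " & objUser.Class
    WScript.Quit 1
End If

' Capture identifying values for the change log while they can still be read.
strDN   = objUser.Get("distinguishedName")
strGuid = objUser.Guid
Set objUser = Nothing

' Step 2: delete the object. No SetInfo call is needed.
objOU.Delete "user", USER_RDN
If Err.Number <> 0 Then
    WScript.Echo "Delete failed for " & strDN & ": 0x" & Hex(Err.Number)
    WScript.Quit 1
End If

WScript.Echo "Deleted " & strDN & " (GUID " & strGuid & ")"
```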