OSX User Account Cleanup

d4nnn

Hey guys, hoping someone could help me out here.

We have about 100 or so machines that need to be removed from open directory and the mobile users list cleaned up.

I am following this URL: http://stikine.wordpress.com/2012/07/13/howto-reset_to_factory_default/

just up to the open directory removal. The problem is we have dozens of accounts that need to be removed as well. These are all temp mobile accounts created through network logins. How do I go about doing this in bulk instead of one by one?

Any help would be appreciated, thanks!
 
Not 100% positive on implementing this, but you could probably put all of the relevant commands into a bash script that takes a parameter so it would only involve one command per user.

Example contents which take a few commands from that link and replace yourusername with $1 (parameter that gets passed into the script):

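#!/bin/bash
# Refuse to run without a username, otherwise the paths below end at the parent record
[ -n "$1" ] || { echo "usage: $0 username" >&2; exit 1; }
dscl . delete "/groups/$1"   # remove the user's group record
dscl . delete "/users/$1"    # remove the user record
rm "/private/var/db/dslocal/nodes/Default/users/$1.plist"   # remove the leftover plist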

Read up on bash scripts and it should be pretty easy to implement, unless there are specific gotchas with each account that would change which commands need to be used.
 
Thanks for the reply, I think I may have to try this if I can't get this script to work:

Came across this script to remove all non-admin accounts -

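#!/bin/bash
# bash rather than sh, because the loop uses [[ ]]
# Collect local accounts whose UniqueID is above 1000
userList=`dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}'`
echo "Deleting account and home directory for the following users..."
for a in $userList ; do
    # Top-level directories in /Users with no dot in the name, not modified for over 7 days;
    # grep -Fx matches the whole path so one user name cannot match a longer one
    find /Users -type d -maxdepth 1 -mindepth 1 -not -name "*.*" -mtime +7 | grep -Fx "/Users/$a";
    if [[ $? == 0 ]]; then
        dscl . delete /Users/"$a"; #delete the account
        rm -r /Users/"$a"; #delete the home directory
    fi
done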


When I run this script, it just hangs for a long time. What's interesting is, storage space is actually shrinking, which indicates that the home directory is being removed, but it's working so slow that I'm not sure how long I can expect it to finish in.
 
My apologies, I properly created the script in TextWrangler and ran the script. It removed short name mobile accounts; however, it did not touch the long form accounts. Do you know the command or format to include that in the "find" line for which users to find?
 
Not sure what you mean by long form accounts, but if you can determine whether their user IDs are less than 1000 you can modify this line:

userList=`dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}'`

That line is using user IDs that are over 1000, so you could change it accordingly.

Additionally, you can modify the script to show more meaningful progress like so:

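#!/bin/bash
# bash rather than sh, because the loop uses [[ ]]
# Collect local accounts whose UniqueID is above 1000
userList=`dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}'`
echo "Deleting account and home directory for the following users..."
for a in $userList ; do
    # Top-level directories in /Users with no dot in the name, not modified for over 7 days;
    # grep -Fx matches the whole path so one user name cannot match a longer one
    find /Users -type d -maxdepth 1 -mindepth 1 -not -name "*.*" -mtime +7 | grep -Fx "/Users/$a";
    if [[ $? == 0 ]]; then
        echo "Deleting account $a..."   # progress line for each account
        dscl . delete /Users/"$a"; #delete the account
        rm -r /Users/"$a"; #delete the home directory
    fi
done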

I might not be totally correct on this stuff as I haven't done bash stuff in a long time.
 
Thanks for the reply.

All account IDs existing are 1000 and greater.

For account names... take for example if I have user John Smith created in OD. Account naming format is john.smith and the short name is johnsmith. Short name accounts are picked up by the script and deleted, john.smith accounts stay. I would assume the -name "*.*" would take care of that portion, but it doesn't.

Thanks for the tip on the echo, I'll see if it outputs something.
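
The `find` line in the scripts above carries `-not -name "*.*"`, which drops every home directory with a dot in its name, so an account such as john.smith never reaches the delete step. The script below is an added example, not code from any poster in this thread: it checks each account's own home directory by exact name (dots included) and only lists what it would delete unless DRY_RUN=0 is set. The function names and the DRY_RUN variable are assumptions; the UID cutoff and 7-day age come from the thread's script.

```shell
#!/bin/bash
# Added example. stale_users, remove_users and DRY_RUN are hypothetical names;
# the UID cutoff (1000) and age (7 days) are taken from the thread's script.

# Reads "name uid" lines (the format of `dscl . list /Users UniqueID`) on
# stdin and prints the names whose home directory under ROOT is stale.
stale_users() {   # usage: stale_users ROOT DAYS
    local root="$1" days="$2" name uid
    while read -r name uid; do
        # Keep only plain numeric UIDs above the cutoff (skips e.g. -2).
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -gt 1000 ] || continue
        # Refuse names that could point outside ROOT.
        case $name in ''|.|..|*/*) continue ;; esac
        [ -d "$root/$name" ] || continue
        # Test this exact directory; dots in the name are allowed.
        if [ -n "$(find "$root/$name" -maxdepth 0 -type d -mtime +"$days")" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Reads names on stdin. Only reports unless DRY_RUN=0 is set explicitly.
remove_users() {  # usage: remove_users ROOT
    local root="$1" name
    while read -r name; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would delete: $name ($root/$name)"
        else
            dscl . delete "/Users/$name" && rm -rf -- "${root:?}/$name"
        fi
    done
}

# Runs only where dscl exists (macOS); review the dry-run list first.
if command -v dscl >/dev/null 2>&1; then
    dscl . list /Users UniqueID | stale_users /Users 7 | remove_users /Users
fi
```

Run it once as is to review the list, then again with DRY_RUN=0 in the environment to delete the listed accounts and their home directories.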
 