There are a couple of options to reduce that time.
While I realize that doing it outside powershell might not be popular, I would
have used a nested for loop and psexec to parse through each of the servers and
remove the 15 accounts. Coupled with a start command you could either break up
the servers into groups (50 at a time?) or possibly run them all at once. Even
if broken into 35 groups of 10, the time would be much less. The real
determining factor would be how many concurrent instances of psexec could you
realistically run on the machine. I’ve run 20 or so on occasion but it’s been
a while and it’s normally things I start and walk away.
You could also build a scheduled task that is replicated on each server to do
them all at the same time. That’s one of the ways we push application updates
to remote offices when they have to happen in a specific time frame.
I’m sure there’s a similar way to create parallel operations in powershell, in
fact I’ve seen demos, I just don’t recall how. ☹
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
From: [email protected] [mailto:[email protected]] On
Behalf Of Webster
Sent: Tuesday, May 3, 2016 9:50 AM
To: [email protected]
Subject: RE: [powershell] delete 15 local accounts from 350 servers
The If($? –and $Null –ne $Servers) is a habit ingrained by having MBS as a
mentor. Always error check.
In my lab, it takes about 10 seconds to delete each anon account. That could
mean about 2.5 minutes per server * 350 servers or a long time.
Thanks
Webster
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Devin Rich
Sent: Tuesday, May 3, 2016 8:29 AM
To: [email protected]<mailto:[email protected]>
Subject: Re: [powershell] delete 15 local accounts from 350 servers
Personally, I would change this line: $Servers = Get-XAServer -ea 0 | Select
ServerName | Sort ServerName
to
$Servers = Get-XAServer -ea 0 | Select -Expand ServerName | Sort
And then change $($Server.Servername) to $Server
OR, you will need to change $ADSIComp = [adsi]"WinNT://$Server" to $ADSIComp =
[adsi]"WinNT://$($Server.ServerName)"
Next, I would change your $AnonAccounts to an array by removing the {} around
all of the account names. I'm not sure the exact purpose of the if ($?...
statement. I normally just get the list of $Servers and do my foreach on them.
If they don't exist, then it will not even try to do anything (But I don't know
what the output from Get-XAServer looks like; you may well need that if).
Barring those few things, I don't see any obvious syntax that needs changed. I
would suggest that you have some better logging too. Personally, I would make
the script after it has deleted the user accounts for each machine list all
local accounts on that machine. Then you can take that list of all user
accounts on all machines and do a $Users -match "Anon" and see if for any
reason some anon accounts remain that probably should be deleted. That's just a
personal preference from me though.
I would definitely do some unit testing on your code in your own environment
before you try it out on theirs... Good luck!
Thanks,
Devin Rich
Systems Administrator
On Tue, May 3, 2016 at 6:42 AM, Webster
<[email protected]<mailto:[email protected]>> wrote:
Even if you tell the installer not to do so, the installer for XenApp 6.5
creates 15 anonymous accounts. A customer wants those accounts deleted. I found
this article
https://mcpmag.com/articles/2015/05/07/local-user-accounts-with-powershell.aspx
and based the script on their snippet:
Deleting an Account
Deleting a user account can be accomplished in a similar manner that we took to
create an account. By using the ADSI WinNT provider we will connect to the
system and then instead of using Create() to build an account, we will make use
of Delete() instead.
The Delete method takes arguments similar to what Create took. We supply the
schema type of User and the username of the account.
$Computername = $env:COMPUTERNAME
$ADSIComp = [adsi]"WinNT://$Computername"
$ADSIComp.Delete('User','TestProx')
The main part of my script is:
add-pssnapin Citrix.XenApp.Commands
$Servers = Get-XAServer -ea 0 | Select ServerName | Sort ServerName
If($? –and $Null –ne $Servers)
{
$AnonAccounts = {"Anon000","Anon001","Anon002","Anon003","Anon004",
"Anon005","Anon006","Anon007","Anon008","Anon009",
"Anon010","Anon011","Anon012","Anon013","Anon014"}
ForEach($Server in $Servers)
{
Write-Host "Processing server
$($Server.ServerName)"
$ADSIComp = [adsi]"WinNT://$Server"
ForEach($AnonAccount in $AnonAccounts)
{
$ADSIComp.Delete('User',"$($AnonAccount)")
}
}
}
Does that look like it will delete those accounts on the remote servers?
Thanks
Webster
The information contained in this message is privileged, confidential, and
protected from disclosure. If you are not the intended recipient, you are
hereby notified that any review, printing, dissemination, distribution, copying
or other use of this communication is strictly prohibited. If you have received
this communication in error, please notify us immediately by replying to the
message and deleting it from your computer.
