sdagley · March 18, 2017 03:40
diff --git a/DeleteADUsers.sh b/DeleteADUsers.sh
 #!/bin/bash
 ################################################################################
 # DeleteADUsers.sh
 #
 # Created by Steve Dagley 2017-03-01
 #
 # Script to delete AD users accounts
 # Requires Mac OS X 10.10 or newer and Casper/Jamf Pro enrolled machine for jamfHelper binary
 # If run as root, deletes all AD accounts, so can be used via Policy to "clean" lab machines
 # If user is logged in, asks to verify login ID and will not delete that account
 ################################################################################

 adusers=$(dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}')
 currentuser=$(stat -f "%Su" /dev/console)
 response="2" # Presume confirmation failure

 if [[ “$currentuser" != "root" ]]; then
    # If we're not root, ask user to verify their login ID
    response=$(/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "Verify login ID" -heading "Verify login ID" -description "Please verify that $currentuser is your login ID" -button1 "That's Me" -button2 "Not Me")
    if [ "$response" != "0" ]; then
       echo "Did not get confirmation from user, no accounts will be deleted"
    fi
 else
    echo "Running as root, so all AD accounts will be deleted"
    response="0" # Always set confirmation response when root
 fi

 if [ "$response" == "0" ]; then
    echo "Deleting AD user accounts..."

    for user in $adusers ; do
        if [ "$user" != "$currentuser" ]; then
            /usr/sbin/sysadminctl -deleteUser "$user"
            echo "$user deleted"
        fi
    done
 fi
	#!/bin/bash
	################################################################################
	# DeleteADUsers.sh
	#
	# Created by Steve Dagley 2017-03-01
	#
	# Script to delete AD users accounts
	# Requires Mac OS X 10.10 or newer and Casper/Jamf Pro enrolled machine for jamfHelper binary
	# If run as root, deletes all AD accounts, so can be used via Policy to "clean" lab machines
	# If user is logged in, asks to verify login ID and will not delete that account
	################################################################################

	adusers=$(dscl . list /Users UniqueID \| awk '$2 > 1000 {print $1}')
	currentuser=$(stat -f "%Su" /dev/console)
	response="2" # Presume confirmation failure

	if [[ “$currentuser" != "root" ]]; then
	# If we're not root, ask user to verify their login ID
	response=$(/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "Verify login ID" -heading "Verify login ID" -description "Please verify that $currentuser is your login ID" -button1 "That's Me" -button2 "Not Me")
	if [ "$response" != "0" ]; then
	echo "Did not get confirmation from user, no accounts will be deleted"
	fi
	else
	echo "Running as root, so all AD accounts will be deleted"
	response="0" # Always set confirmation response when root
	fi

	if [ "$response" == "0" ]; then
	echo "Deleting AD user accounts..."

	for user in $adusers ; do
	if [ "$user" != "$currentuser" ]; then
	/usr/sbin/sysadminctl -deleteUser "$user"
	echo "$user deleted"
	fi
	done
	fi