You'll want to include an admin username and password in your script to delete the account. Like this:
sysadminctl -deleteUser "$user" -adminUser "$adminUser" -adminPassword "$adminPassword"
I use the bash script in the following GitHub repo to encrypt the admin password: https://github.com/brysontyrrell/EncryptedStrings. Then, I use the input parameters for the script to pass in the encrypted string, passphrase, and salt and decrypt them in the script. A whole script could look something like this:
#!/bin/zsh
function DecryptString() {
    # Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
    echo "${1}" | /usr/bin/openssl enc -aes256 -md md5 -d -a -A -S "${2}" -k "${3}"
}
# Script parameters: 4 = admin user, 5 = encrypted password, 6 = salt, 7 = passphrase
adminUser="${4}"
adminPassword=$(DecryptString "${5}" "${6}" "${7}")
# $user must already hold the short name of the account to delete
sysadminctl -deleteUser "$user" -adminUser "$adminUser" -adminPassword "$adminPassword"
I also have a script in GitHub, deleteInactiveUsers.zsh, that deletes users after they've been inactive for a specified number of days. (I also just realized I hadn't updated it in a while, so I pushed updates this afternoon.)
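An added example, not part of the original post and not code from the EncryptedStrings repo: a round trip using the same openssl flags as DecryptString above, with a decrypt wrapper that returns non-zero instead of passing an empty or failed result on to sysadminctl. The function names, the salt and passphrase lengths, and the sample password are assumptions constructed for the demo.

```shell
#!/bin/bash
# Added example. All values are constructed; none are real credentials.

# Encrypt with the mirror image of the DecryptString flags
# (-aes256 -md md5 -a -A -S <salt hex> -k <passphrase>).
encrypt_string() {  # usage: encrypt_string "plaintext" "salt-hex" "passphrase"
    printf '%s' "$1" | openssl enc -aes256 -md md5 -a -A -S "$2" -k "$3" 2>/dev/null
}

# Decrypt and fail closed: non-zero status and no output when openssl
# rejects the input or the result is empty.
# Note: CBC has no integrity check, so a wrong passphrase is usually,
# but not always, caught by the padding check.
decrypt_string() {  # usage: decrypt_string "ciphertext" "salt-hex" "passphrase"
    local out
    out=$(printf '%s\n' "$1" |
        openssl enc -aes256 -md md5 -d -a -A -S "$2" -k "$3" 2>/dev/null) || return 1
    [ -n "$out" ] || return 1
    printf '%s' "$out"
}

# Generate a fresh salt and passphrase, encrypt a sample password, and
# confirm that the three values together recover it.
round_trip_demo() {
    local salt pass secret cipher plain
    salt=$(openssl rand -hex 8)      # 8-byte salt as 16 hex digits
    pass=$(openssl rand -hex 12)     # random passphrase (length is an assumption)
    secret='Constructed-Pw-123!'     # constructed sample, not a real password
    cipher=$(encrypt_string "$secret" "$salt" "$pass") || return 1
    echo "Encrypted string: $cipher"
    echo "Salt: $salt | Passphrase: $pass"
    plain=$(decrypt_string "$cipher" "$salt" "$pass") || {
        echo "decryption failed, aborting" >&2
        return 1
    }
    [ "$plain" = "$secret" ]
}

# In a deletion script the same guard would sit in front of sysadminctl:
#   adminPassword=$(decrypt_string "${5}" "${6}" "${7}") || exit 1
```

Call round_trip_demo to print one generated set of values and verify that it decrypts.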
Hi Skeenan07,
Thanks for your quick and detailed response. Unfortunately, I'm travelling today, but I'm back tomorrow. I'll report my experience afterwards, but all you wrote makes sense.
Regards Chris
Hi skeenan07,
I tested your command in the local script. For testing, I wrote the local admin credentials into the script in clear text, because it is a test system and I don't want to mix something up during encryption and decryption. But anyway the error is the same, Error:-14120, if I start the script via JAMF. And there is no error (user is removed) if I start the script locally in the terminal with sudo. The script is removing the user without error.
Regards Chris