I am needing a script that can be added to our summer update configuration that will delete every user with the exception of admins. Anyone had any luck doing this? I have tried using Tom Larkin's script and it seems to remove the home directories from /Users; however, the accounts are still populated in System Preferences > Accounts. Any ideas?
https://discussions.apple.com/message/12165862#12165862
dscl . -delete /Users/
dscl . list /Users | grep -v "_"
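#!/bin/bash
# Delete every account that has a home folder in /Users, except members of the admin group.
for home in /Users/*; do
    u=$(/usr/bin/basename "$home")
    # Shared is not a user account.
    [[ "$u" == "Shared" ]] && continue
    # Split the membership list into one name per line and match the whole name,
    # so a username that is a substring of an admin's name is not treated as an admin.
    if /usr/bin/dscl . read /Groups/admin GroupMembership | /usr/bin/tr ' ' '\n' | /usr/bin/grep -qxF -- "$u"; then
        /bin/echo "Admin account detected, skipping: $u"
    else
        /usr/bin/dscl . delete "/Users/$u" && /bin/rm -rf "/Users/$u"
    fi
done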
Did you find a more reliable method, or are you just avoiding it altogether for now?
Just avoiding at the moment. I think the answer is going to be to look recursively through all files in the home directory, find the newest one and use that date.
This may be a start:
https://stackoverflow.com/questions/4561895/how-to-recursively-find-the-latest-modified-file-in-a-directory
Any reason you can think of not to just ignore those home folders that contain a file less than 30 days since last modification? Check out the third if statement with the find command.
#!/bin/bash
# Remove student accounts (usernames starting with a digit) whose home folder
# has no file modified in the last 30 days.
for home in /Users/*; do
    username=$(basename "$home")
    # Student usernames start with a number.
    if [[ $username =~ ^[0-9] ]]; then
        if [[ $(stat -f "%Su" /dev/console) == "$username" ]]; then
            echo "Skipping due to being currently logged in: $username"
        else
            # Any file modified within the last 30 days counts as recent activity.
            if [[ -n $(find "$home" -type f -mtime -30 | head -n 1) ]]; then
                echo "Skipping due to recent activity: $username"
            else
                dscl . -delete "/Users/$username" && echo "Removed user account: $username"
                rm -rf "$home" && echo "Removed home folder: $home"
            fi
        fi
    else
        echo "Skipping non-student: $username"
    fi
done
Edit: By the way, in our environment we are only trying to delete student users that have not been used in the last 30 days. All student usernames and only student usernames start with a number.
@cbrewer
Trying to work with your script below and changing the mtime to 15 or 10 but it seems it doesn't delete any user accounts either way.
Wondering if 10.12.6 is not working the same way.
#!/bin/bash
# Accounts with a UniqueID above 1000.
userList=$(dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}')
echo "Deleting account and home directory for the following users..."
for user in $userList; do
    # Home folders (names without a dot) not modified in more than 21 days.
    # grep -x matches the whole path, so one username cannot match inside another.
    if find /Users -maxdepth 1 -mindepth 1 -type d -not -name "*.*" -mtime +21 | grep -qxF "/Users/$user"; then
        dscl . delete "/Users/$user"   # delete the account
        rm -r "/Users/$user"           # delete the home directory
        echo "$user"
    fi
done
Gabe Shackney
Princeton Public Schools
@gshackney Read a few posts up. I've found that running find on just the home directory with mtime is not reliable. I personally wouldn't delete any home directories based on that logic alone.
Ah, missed that.
Guess I'm back to just deleting all users (minus my needed ones) once it's 80% full
Gabe Shackney
Princeton Public Schools
@gshackney I have a Self Service policy that will show for our Media Lab teachers when there is "more than X accounts" and they can remove all accounts except for our local admin and jamf account. Usually if they start seeing space issues (we have 120 SSDs) they go right to this now.
Well since I stopped creating system user accounts with the bind, I just have to delete the home folders.
So now I just run this when the drive hits 80% full or more (just edit the greps with the accounts you want to save):
#!/bin/sh
# Remove every home folder in /Users whose name does not match one of the greps below.
# Replace "username" with an account to keep. $3 is the username Jamf passes to the
# script; it is only added as a filter when it is non-empty.
ls /Users | grep -v -e localadmin -e Shared -e admin -e username ${3:+-e "$3"} |
while read -r home
do
    sudo rm -rf "/Users/$home"
done
Gabe Shackney
Princeton Public Schools
@gshackney Where do you run this? In self service or as a policy based on a smart group?
@tdilossi
Policy that runs automagically based on a Smart Group targeting specific heavy use machines and also machines over 80% full:

Gabe Shackney
Princeton Public Schools
@gshackney excellent! thanks for the prompt response!!
We were looking at implementing this recently, but one caveat we ran into was if you push packages in Jamf with the Fill Existing Users option checked, it will modify files in the users' home folders, effectively making the find command with mtime inaccurate.
We are still looking for a trusted source for last login time/activity that can be used.
On a side note, there is a configuration profile payload for Mobility that lets you set deleting user accounts after x days of login, but it was unreliable for us. Deleting users too early.
I've found it more reliable to get mtime on the user's Preferences folder versus their entire home directory.
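# $user is assumed to be set by an enclosing loop over usernames.
# -maxdepth 0 tests the Preferences folder itself rather than the folders inside it.
if [[ -n $(find "/Users/$user/Library/Preferences" -maxdepth 0 -type d -mtime +30) ]]; then
    echo "Deleting $user"
    sysadminctl -deleteUser "$user"
fi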
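As an added example (not code from any poster in this thread), the function below only lists removal candidates and deletes nothing, so the selection logic discussed above can be reviewed before a policy acts on it. It combines an exact-match keep list with an activity check on a chosen subfolder such as Library/Preferences; the name `stale_homes` and its parameters are made up for this illustration.

```shell
#!/bin/bash
# Added example (not from the thread): list removal candidates without deleting anything.
# stale_homes USERS_DIR DAYS SUBPATH [KEEP...]
#   USERS_DIR  directory holding the home folders (/Users on a Mac)
#   DAYS       a home is stale when nothing under SUBPATH changed in the last DAYS days
#   SUBPATH    folder inside each home to inspect, e.g. Library/Preferences, or . for all
#   KEEP       usernames that are never listed (matched exactly, not as substrings)
stale_homes() {
    local users_dir="$1" days="$2" subpath="$3"
    shift 3
    local home name keep skip
    for home in "$users_dir"/*/; do
        if [ ! -d "$home" ]; then continue; fi      # the glob matched nothing
        name=$(basename "$home")
        skip=0
        for keep in Shared "$@"; do
            if [ "$name" = "$keep" ]; then skip=1; fi
        done
        if [ "$skip" -eq 1 ]; then continue; fi
        # A missing folder is no evidence either way: leave the account alone.
        if [ ! -d "$home/$subpath" ]; then continue; fi
        # Any file or folder changed within DAYS days counts as activity.
        if [ -z "$(find "$home/$subpath" -mtime "-$days" -print | head -n 1)" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Typical call on a Mac (prints names only; review the list before acting on it):
#   stale_homes /Users 30 Library/Preferences localadmin "$(stat -f %Su /dev/console)"
```

The caveat raised earlier still applies: anything that writes into the inspected folder, such as a package pushed with Fill Existing Users, makes an account look active.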