Remove Local User Accounts by UID

MikeV-Holden
New Contributor

I'm looking to remove six local user accounts from a group of MacBooks. The user names are all different, but they all have the user IDs 501 through 506. Is there a command or script that I can add to a policy to make this happen?


joshuasee
Contributor III

So you just need a way to ferret out the account names?

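#!/bin/bash
# Look up the local account that owns each of the UIDs 501 through 506.
for ((i=1; i<7; i++)); do
    condemned=$(dscl /Local/Default -search /Users UniqueID 50$i | cut -sf1)
    if [[ -n "$condemned" ]]; then
        # Add preferred account nuking script or policy trigger here. Item below is not sufficient.
        # The record path is /Users/<name>; a separate argument would be read as an attribute key.
        dscl /Local/Default -delete "/Users/$condemned"
    fi
done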

mm2270
Legendary Contributor III

Are you looking only to remove the user accounts from directory services, or the home folders for them as well?

MikeV-Holden
New Contributor

I would prefer to wipe the home folders.
Would a line such as the below work in joshuasee's script?

rm -rf/Users $condemned

davidacland
Honored Contributor II

If you change it to:

rm -rf /Users/$condemned

added after the dscl -delete command, that should do it.

joshuasee
Contributor III

That will work for most purposes, but keep in mind group memberships would not be cleaned up, so a future user created with the same ID may magically become admin or end up in groups you don't expect. Password hashes may be left behind, though they would be unlikely to affect future users. Also, make sure you're comfortable with assuming the home folder is in /Users/; it isn't always. Scripts to delete a user can get pretty elaborate depending on how many edge cases you want to cover and how thorough a job you want to do.

Superuser - How can I delete a Mac OS X user account from Command Line?
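
The caveats in the last reply (leftover group memberships, home folders outside /Users), worked into one script as an added example that is not part of the thread. The function names, the `RUN` dry-run switch and the `dscl` output layouts described in the comments are assumptions of this example; the script prints the destructive commands unless `RUN` is set to empty.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default: RUN=echo prints each
# destructive command; call with RUN= (empty) as root to execute them.
RUN=${RUN-echo}

# Record names from `dscl . -search` output. Assumed format: the name, tabs,
# then "Attr = (", with the values on following lines that contain no tab.
names_from_search() {
    awk -F '\t' 'NF > 1 { print $1 }'
}

# Value from `dscl . -read <record> <Attr>` output. Assumed: "Attr: value",
# or the value alone on the next line when it contains spaces.
attr_value() {
    sed -e '1s/^[A-Za-z]*: *//' -e 's/^ //' -e '/^$/d' | head -n 1
}

# Succeeds only for an absolute path at least two levels deep, with no ".."
# or empty component, that is not a shared or placeholder home.
safe_home() {
    case "${1%/}" in
        */..|*/../*|*//*|/Users/Shared|/var/empty) return 1 ;;
        /?*/?*) return 0 ;;
        *) return 1 ;;
    esac
}

remove_uid() {
    uid=$1
    for name in $(dscl . -search /Users UniqueID "$uid" | names_from_search); do
        # Re-read the record so only an exact UID match is touched.
        [ "$(dscl . -read "/Users/$name" UniqueID | attr_value)" = "$uid" ] || continue
        home=$(dscl . -read "/Users/$name" NFSHomeDirectory | attr_value)
        # Drop direct group memberships first so a later account inherits none.
        for grp in $(dscl . -search /Groups GroupMembership "$name" | names_from_search); do
            $RUN dseditgroup -o edit -d "$name" -t user "$grp"
        done
        $RUN dscl . -delete "/Users/$name"
        if safe_home "$home" && [ -d "$home" ]; then
            $RUN rm -rf "$home"
        else
            echo "skipping home for $name: '$home'" >&2
        fi
    done
}

# Usage: sh remove-by-uid.sh 501 502 503 504 505 506
for uid in "$@"; do remove_uid "$uid"; done
```

Review the dry-run output on one machine before attaching the script to a policy with `RUN=` set.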