Posted on 05-18-2015 10:18 AM
I'm looking to remove six local user accounts from a group of MacBooks. The user names are all different, but they all have the user IDs 501 through 506. Is there a command or script that I can add to a policy to make this happen?
Posted on 05-18-2015 11:25 AM
So you just need a way to ferret out the account names?
#!/bin/bash for((i=1;i<7;i++)); do condemned=$(dscl /Local/Default -search /Users UniqueID 50$i | cut -sf1); if [[ -n "$condemned" ]]; then # Add preferred account nuking script or policy trigger here. Item below is not sufficient. dscl /Local/Default -delete /Users $condemned fi; done
Posted on 05-18-2015 11:28 AM
Are you looking only to remove the user accounts from directory services, or the home folders for them as well?
Posted on 05-18-2015 11:51 AM
I would prefer to wipe the home folders.
Would a line such as the below work in joshuasee's script?
rm -rf/Users $condemned
Posted on 05-18-2015 12:21 PM
If you change it to:
rm -rf /Users/$condemned
added after the dscl -delete command, that should do it.
Posted on 05-18-2015 12:35 PM
That will work for most purposes, but keep in mind groups memberships would not be cleaned up, so a future user created with the same ID may magically become admin or end up in groups you don't expect. Password hashes may be left behind, though would be unlikely to affect future users. Also, make sure you're comfortable with assuming the home folder is in /Users/, it isn't always. Scripts to delete a user can get pretty elaborate depending on how many edge cases you want to cover and how thorough a job you want to do.
Superuser - How can I delete a Mac OS X user account from Command Line?