Script help: Unable to re-add mobile users after removing them.

johntgeck
Contributor

Hi there,

I'm working on a script to wipe out student mobile accounts from our lab machines.

These machines are AD-bound, and provisioning options are set to create a mobile account at login with no confirmation.

Here's the script I'm running. As you can see, very simple because all our student accounts contain the "." character (e.g. john.doe) --

 

# list all users with the "." character in their names
USERS=$( dscl . ls /Users | grep -e "\." )
# echo users
echo Deleting the following users: $USERS
# delete users
/usr/bin/dscl . delete /Users/"$USERS"
echo User accounts deleted
# delete home folders
/bin/rm -rf /Users/"$USERS"
echo User home folders deleted

 

The script successfully removes my test student account, but then I'm unable to re-add the student to the device from the login screen after a reboot, which will prevent students from being able to use the computers.

Any ideas where I could get more information on what is broken?

Alternatively, if there's a smarter way I should be doing this, I'm also open to that!

 

Thanks in advance

1 ACCEPTED SOLUTION

I ended up reworking it to the following. As I mentioned in my comment below, my test account not working after-the-fact with the original script was actually pure coincidence: my identity automation team had disabled that test account for unrelated reasons in the middle of me testing it, lol. Either way, the below method works great, although it does take a while to run if you have a lot of users on the device. Anyway, thanks for the feedback!

 

#!/bin/bash

# Get a list of user accounts with "." in their usernames
userList=$(dscl . -list /Users | grep -E '\.')

# Iterate through the user accounts
for user in $userList; do
    # Check if the user is a standard user (not a system account)
    if [[ $(id -u "$user") -ge 501 ]]; then
        echo "Deleting user account: $user"

        # Delete the user account
        sysadminctl -deleteUser "$user"

        # Delete the home folder (quoted so the name is passed as one path)
        rm -rf "/Users/$user"

        echo "User account and home folder deleted"
    else
        echo "Skipping system account: $user"
    fi
done

echo "Student user accounts removed!"
exit 0
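
A dry-run variant of the selection step, as an added example that is not the poster's script: it validates each name before it can reach an `rm -rf` path, applies the same UID >= 501 rule, and skips one protected account such as the user currently logged in. The helper names `select_students` and `plan_removal`, the protected-user check, and the sample data are assumptions made for illustration; the input format is the "name uid" listing printed by `dscl . -list /Users UniqueID`.

```shell
#!/bin/sh
# Added example: dry-run planner for student account removal.
# Assumed input: "name uid" per line, as printed on macOS by
#   dscl . -list /Users UniqueID

# Constructed sample input, not taken from a real machine.
SAMPLE_USERS='_www 70
root 0
labadmin 501
john.doe 1234567
jane.roe 1234568
svc.backup 250
bad/name.x 600'

# select_students PROTECTED_USER (hypothetical helper)
# Reads "name uid" lines on stdin and prints the names that qualify.
select_students() {
    protected=$1
    while read -r name uid; do
        case $name in
            ''|.*|*[!A-Za-z0-9._-]*) continue ;;   # empty, leading ".", or unsafe in a path
            *.*) ;;                                 # student naming rule: contains "."
            *) continue ;;                          # no "." means not a student account
        esac
        case $uid in ''|*[!0-9]*) continue ;; esac  # UID must be numeric
        [ "$uid" -ge 501 ] || continue              # skip system accounts
        if [ "$name" = "$protected" ]; then continue; fi
        printf '%s\n' "$name"
    done
}

# plan_removal (hypothetical helper)
# Prints the commands that would run for each name; it executes nothing.
plan_removal() {
    while read -r name; do
        printf '/usr/sbin/sysadminctl -deleteUser %s\n' "$name"
        printf '/bin/rm -rf /Users/%s\n' "$name"
    done
}

# Dry run over the sample, treating jane.roe as the logged-in user.
printf '%s\n' "$SAMPLE_USERS" | select_students jane.roe | plan_removal
```

Reviewing the printed plan before executing anything shows exactly which accounts match, and an empty match list produces no commands at all.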

 


4 REPLIES 4

cbrewer
Valued Contributor II

Your script looks like it would attempt to delete everything in $USERS at once. You probably want to iterate through your $USERS array with a for loop. Additionally, I would do your user deletion with sysadminctl instead of dscl.

/usr/sbin/sysadminctl -deleteUser ${user}

 


johntgeck
Contributor

I appreciate the guidance! I'll rework it and check it out.

johntgeck
Contributor

OH MY GOD.

In a completely unrelated, right hand not talking to the left hand scenario, the part of my team that handles identity automation borked the exact test account that I was using. The script worked fine.

BUT, I'm still going to try it again with the for loop and sysadminctl anyway as it seems like a more elegant approach.

What a week.