Delete AD accounts in a dev domain that don't exist in a production domain


It has been decided by management that our dev domain needs to be cleaned, and I "volunteered" for the task. I'm going to start off with admin-level user accounts first; if an admin user doesn't exist in prod, it shouldn't exist in dev either.

What I (think I) need to do:

  1. Use Get-ADUser to output a list of admin accounts in prod (all our admin accounts follow a specific naming scheme)
  2. Use Get-ADUser to output a list of admin accounts in dev
  3. Compare the lists to come up with the accounts on dev that are not on prod
  4. Delete the users that are on dev but not on prod

So my questions are:

  1. Can this be done from 1 machine? We're talking about 2 separate domains without a trust relationship.
  2. What's the best way to get the users? Right now I'm using "get-aduser -filter "samaccountname -like 's*****d'" -properties displayname | ft samaccountname"
  3. How should I go about comparing these 2 lists? $variable = compare-object?
  4. Finally, what's the easiest way of documenting each time it's run? Should I write to a CSV file that says which accounts existed and were deleted?

Thanks, my PowerShell syntax-fu is weak.


zarberg@gmail.com

Hi zarberg,

Sorry for the delay in replying.

According to your program thoughts, the script below may be helpful to you; it can find users that don't exist in prod.txt but do exist in dev.txt, and create the new users in the domain:

    # Read the prod list into an array
    $array = @()
    $lines = Get-Content "d:\prod.txt"
    foreach ($line in $lines) { $array += $line }

    # For every name in the dev list that is not in the prod array, create the user
    Get-Content "d:\dev.txt" | ForEach-Object {
        if ($array -notcontains $_) { New-ADUser $_ }
    }

best regards,

anna
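The poster's four steps and the questions that follow them, worked through as one script. This is an added example, not code from the original thread; Anna's snippet above creates the names missing from prod.txt with New-ADUser, whereas the poster asked to delete, so this one calls Remove-ADUser. It assumes the RSAT ActiveDirectory module is installed on the workstation it runs from; the DC hostnames, the naming pattern and the log path are placeholders for the poster's environment. Because the two domains have no trust (question 1), each query passes -Server and -Credential explicitly; Compare-Object with -PassThru and the '=>' side indicator handles question 3; Export-Csv -Append handles question 4.

```powershell
# Added example (not the original poster's or Anna's code).
# Assumed: the ActiveDirectory RSAT module is installed locally; the DC names,
# the admin-account naming pattern and the log path are placeholders.
Import-Module ActiveDirectory

$ProdDC  = 'dc01.prod.example.com'      # assumed prod domain controller
$DevDC   = 'dc01.dev.example.com'       # assumed dev domain controller
$Pattern = 's*d'                        # assumed admin naming scheme (the poster's s*****d)
$LogPath = 'C:\AdminCleanup\deletions.csv'
$DryRun  = $true                        # flip to $false only after reviewing the CSV

# No trust between the domains, so each one gets its own explicit credential.
$ProdCred = Get-Credential -Message 'PROD account with read access to users'
$DevCred  = Get-Credential -Message 'DEV account permitted to delete users'

function Get-AdminAccounts {
    param([string]$Server, [pscredential]$Credential, [string]$NamePattern)
    # -Server plus -Credential lets one workstation query a domain it is not joined to.
    Get-ADUser -Server $Server -Credential $Credential `
               -Filter "SamAccountName -like '$NamePattern'" |
        Select-Object SamAccountName, DistinguishedName
}

$prod = @(Get-AdminAccounts -Server $ProdDC -Credential $ProdCred -NamePattern $Pattern)
$dev  = @(Get-AdminAccounts -Server $DevDC  -Credential $DevCred  -NamePattern $Pattern)

# Safety check: an empty prod list (wrong DC, wrong credential, filter that matches
# nothing) would otherwise mark every dev admin account for deletion.
if ($prod.Count -eq 0) { throw 'Prod query returned no accounts; refusing to continue.' }
# Compare-Object rejects an empty -DifferenceObject, and there is nothing to do anyway.
if ($dev.Count -eq 0)  { 'Dev query returned no accounts; nothing to do.'; return }

# Compare on SamAccountName only (case-insensitive by default); '=>' marks objects
# present only in the difference set (dev). -PassThru returns the original dev
# objects, so the DistinguishedName is still available for the delete.
$orphans = @(Compare-Object -ReferenceObject $prod -DifferenceObject $dev `
                            -Property SamAccountName -PassThru |
             Where-Object { $_.SideIndicator -eq '=>' })

$runTime = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
$results = @(foreach ($user in $orphans) {
    $status = 'Deleted'
    if ($DryRun) {
        $status = 'WouldDelete (dry run)'
    } else {
        try {
            Remove-ADUser -Identity $user.DistinguishedName -Server $DevDC `
                          -Credential $DevCred -Confirm:$false -ErrorAction Stop
        } catch {
            # e.g. ProtectedFromAccidentalDeletion is set, or the dev account lacks rights
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        RunTime           = $runTime
        SamAccountName    = $user.SamAccountName
        DistinguishedName = $user.DistinguishedName
        Result            = $status
    }
})

# One CSV that grows with every run (question 4); create the folder on first use.
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
$results | Export-Csv -Path $LogPath -Append -NoTypeInformation
"$($results.Count) account(s) processed; log written to $LogPath"
```

Run it once with $DryRun left at $true and read the CSV before letting it delete anything: the Result column records each account as WouldDelete, Deleted or Failed with the error text, so the same file doubles as the audit trail the poster asked for. The -Filter pattern is an assumption; substitute the real naming scheme, and keep the prod-empty guard, since a silently failed prod query is the one mistake this script must never turn into a mass deletion.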


