AWS Workspaces – Clean up orphaned Managed AD objects

If you manage a large number of AWS workspaces, chances are you will end up with orphaned computer AD objects cluttering up your domain.

This script pulls a list of workspaces, compares it to the list of machines in AWS managed AD and removes any AD computer object without a corresponding workspace.

This script requires you to have already set up AWS PowerShell and authentication. (See https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-set-up-windows.html and https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html)

It will display a list of orphaned objects for you to review in a grid view before proceeding with the delete.


#####################################################
#             V1.0 Jimmy White 01/12/2020           #
#    Check for and remove orphaned AD computers     #
#   Gets list of AWS Workspaces and AD computers    #
#   any AD computer without a workspace is removed  #
#####################################################
# Requires the ActiveDirectory module (RSAT) and the AWS Tools for PowerShell
# WorkSpaces cmdlets, with AWS credentials and region already configured.
Import-Module ActiveDirectory
Clear-Host
# Change this line to the OU with all your workspace computer objects.
# There should be NO other types of computer objects in this OU or they WILL be deleted.
$searchbase = "OU=Computers,OU=contoso,DC=com"
# There may be some computers in this OU you wish to ignore, enter the prefix for them here.
$prefixToIgnore = "IP"

$todelete = @()
Write-Host "`n`n`n`n`n`n`n`nGetting a list of AWS workspaces, this may take some time, please hold caller.." -ForegroundColor Green
try {
    $wks = Get-WKSWorkspace
}
catch {
    Write-Host "Trouble getting list of AWS workspaces, rate limit may have been exceeded, please try later" -ForegroundColor Red
    # 'stop' is not a command; exit here so an empty workspace list cannot mark every AD object as orphaned
    exit 1
}
$AWSComputernames = @($wks.ComputerName)
$adcomputernames = @((Get-ADComputer -SearchBase $searchbase -Filter *).Name)
$progress = 1
Write-Host "Hold on to your hats, about to do some sums.." -ForegroundColor Cyan
foreach ($adcomputer in $adcomputernames) {
    $perc = [math]::Round((100 / $adcomputernames.Count) * $progress, 2)
    Write-Progress -Id 1 -Activity "Working on $adcomputer" -Status "$perc% Complete:" -PercentComplete $perc
    # -notcontains is case-insensitive; .Contains() is not, and would flag a live
    # workspace whose AD name differs from the WorkSpaces name only in case
    if ($AWSComputernames -notcontains $adcomputer) {
        # computer says no!
        if (-not $adcomputer.StartsWith($prefixToIgnore, [System.StringComparison]::OrdinalIgnoreCase)) {
            $todelete += $adcomputer
        }
    }
    $progress++
}
Write-Host "About to delete $($todelete.Count) AD computer objects..." -ForegroundColor Yellow
$todelete | Out-GridView
if ($todelete.Count -le 100) {
    Write-Host "It's a slow day, only $($todelete.Count) objects to delete" -ForegroundColor Cyan
}
else {
    Write-Host "Wow! It's messy in here, we have $($todelete.Count) objects to delete!!!" -ForegroundColor DarkYellow
}
$confirmation = Read-Host "Are you sure you want to proceed? (y/n)"
if ($confirmation -eq 'y') {
    # proceed
    $progress = 1
    foreach ($computer in $todelete) {
        $perc = [math]::Round((100 / $todelete.Count) * $progress, 2)
        Write-Progress -Id 1 -Activity "Deleting $computer" -Status "$perc% Complete:" -PercentComplete $perc
        Get-ADComputer $computer | Remove-ADComputer -Confirm:$false
        $progress++
    }
    # $($todelete.Count) is required: "$todelete.count" would expand the array and print ".count" literally
    Write-Host "Finished! $($todelete.Count) objects were removed" -ForegroundColor Cyan
}
else {
    Write-Host "Aborted" -ForegroundColor Red
}
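The same orphan check, as an added example that is not part of the author's script, restructured into two functions so the delete can be rehearsed with -WhatIf, objects created within a grace period are left alone, and every removal is written to a CSV audit log. It assumes the ActiveDirectory and AWS Tools WorkSpaces cmdlets are loaded, and that a WorkSpace's ComputerName is empty until provisioning has finished (so such entries are dropped from the comparison rather than treated as orphans).

```powershell
# Added example, not the original post's code. Assumes ActiveDirectory and
# AWS Tools for PowerShell (WorkSpaces cmdlets) are installed and configured.
function Get-OrphanedWorkspaceComputer {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [string[]]$IgnorePrefix = @('IP'),
        [int]$GraceDays = 7   # assumption: objects this new may belong to a WorkSpace still provisioning
    )
    # Upper-cased names of every WorkSpace that already has a computer name
    $wksNames = @(Get-WKSWorkspace | Where-Object { $_.ComputerName } |
                  ForEach-Object { $_.ComputerName.ToUpper() })
    $cutoff = (Get-Date).AddDays(-$GraceDays)
    Get-ADComputer -SearchBase $SearchBase -Filter * -Properties whenCreated, lastLogonDate |
        Where-Object {
            $name = $_.Name.ToUpper()
            ($wksNames -notcontains $name) -and
            ($_.whenCreated -lt $cutoff) -and
            -not ($IgnorePrefix | Where-Object { $name.StartsWith($_.ToUpper()) })
        } |
        Select-Object Name, DistinguishedName, whenCreated, lastLogonDate
}

function Remove-OrphanedWorkspaceComputer {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Computer,
        [string]$AuditLog = (Join-Path $PWD 'orphan-removals.csv')
    )
    process {
        # -WhatIf reports the action without deleting; -Confirm prompts for each object
        if ($PSCmdlet.ShouldProcess($Computer.DistinguishedName, 'Remove AD computer')) {
            Remove-ADComputer -Identity $Computer.DistinguishedName -Confirm:$false
            [pscustomobject]@{
                Time = Get-Date
                Name = $Computer.Name
                DN   = $Computer.DistinguishedName
            } | Export-Csv -Path $AuditLog -Append -NoTypeInformation
        }
    }
}

# Rehearse first, then run for real once the grid has been reviewed:
Get-OrphanedWorkspaceComputer -SearchBase 'OU=Computers,OU=contoso,DC=com' |
    Tee-Object -Variable orphans | Out-GridView
$orphans | Remove-OrphanedWorkspaceComputer -WhatIf
```

Drop -WhatIf (or replace it with -Confirm) on the last line to perform the deletions; the lastLogonDate column in the grid is a quick sanity check that nothing flagged has logged on recently.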
