Wednesday, 17 June 2015

Cleaning up stale device entries in SCCM 2012 and Active Directory

You can run the Site Maintenance tasks within SCCM ("Delete Aged Discovery Data" and "Delete Inactive Client Discovery Data"), but unfortunately these do not delete the associated devices' computer objects in AD. So I wrote a quick proof-of-concept script to do just this...

First, launch the SCCM Console >> Monitoring >> Reporting >> Reports >> Computers not discovered recently >> enter "30" days and select the relevant collection that holds all of your workstations (e.g. 'All Systems'). When I find the time I would like to use SQL Reporting Services to extract the data, so that the above process could be automated in the script below.

We now need to feed the report into the following script, which will then delete the relevant SCCM devices and AD computer objects:

** This script should be tested in a development environment first! It is only in an alpha state and should ideally only be used as a concept to understand how the task could be completed **

# SCCM 2012 R2 Device Cleanup Script

# Pre-requisites
# - Windows PowerShell 3.0 https://www.microsoft.com/en-gb/download/details.aspx?id=34595
# - Tested on Server 2008 R2 and Server 2012 SP1
# - SCCM Console is installed on the server
# - Executed by a user with the relevant privileges to access SCCM and delete computer objects from AD.

# Variables (the param block has to be the first statement in the script)
param(
    [Parameter(Mandatory = $true)][string]$InputReport,    # path to the exported report
    [string]$SccmServerName,                               # not used yet
    [Parameter(Mandatory = $true)][string]$SccmSiteName,   # site code, also the name of the SCCM drive
    [switch]$AutoDelete                                    # delete without asking for confirmation
)

# PowerShell version check
if ($PSVersionTable.PSVersion.Major -gt 2)
{
    Write-Output "PowerShell 3.0 or above detected!"
}
else
{
    Write-Output "Please ensure you are running this script with PowerShell 3.0 or above! (Use the -version switch)"
    Read-Host "Press Enter to exit" | Out-Null
    exit
}

# Register modules
Import-Module ((Split-Path $env:SMS_ADMIN_UI_PATH)+"\ConfigurationManager.psd1")
Import-Module ActiveDirectory

# Strip the first three lines from the file and parse the rest as CSV.
# This is done before changing to the SCCM drive, where file system paths no longer resolve.
$sccm_devices_csv = Get-Content $InputReport | Select-Object -Skip 3 | ConvertFrom-Csv

# Get data from the 'Details_Table0_Netbios_Name0' column, stripping any blank entries
$sccm_devices_array = @($sccm_devices_csv |
    Select-Object -ExpandProperty Details_Table0_Netbios_Name0 |
    Where-Object { $_ -match '\S' })

# Change to SCCM site directory
Set-Location "$($SccmSiteName):"

foreach ($device in $sccm_devices_array)
{
    # Remove the nodes from SCCM and also Active Directory
    if ($AutoDelete)
    {
        # Remove-ADComputer has no -Force switch; -Confirm:$false suppresses the prompt
        Remove-ADComputer -Identity $device -ErrorAction Stop -Confirm:$false
        Remove-CMDevice -DeviceName $device -Force
    }
    else
    {
        # Both cmdlets prompt for confirmation before deleting
        Remove-ADComputer -Identity $device -ErrorAction Stop
        Remove-CMDevice -DeviceName $device
    }
}
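
The following pre-deletion check is an added example and not part of the original script: it reads the same report layout and classifies each name by its AD last-logon date, so that only machines stale in both SCCM and AD are marked for deletion. The function name Get-StaleCandidate, its -AdLookup parameter, the second report column and all sample data are hypothetical.

```powershell
# Added example, not the original author's code. Names below are hypothetical.
function Get-StaleCandidate {
    param(
        [string[]]$ReportLine,          # raw lines of the exported report
        [int]$Days = 30,                # same window as entered in the report
        [scriptblock]$AdLookup = {      # default lookup needs the ActiveDirectory module
            param($Name)
            Get-ADComputer -Filter "Name -eq '$Name'" -Properties LastLogonDate
        }
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    # Skip the three preamble lines, parse as CSV, keep unique non-blank names
    $names = $ReportLine | Select-Object -Skip 3 | Where-Object { $_ -match '\S' } |
        ConvertFrom-Csv | ForEach-Object { "$($_.Details_Table0_Netbios_Name0)".Trim() } |
        Where-Object { $_ } | Sort-Object -Unique

    foreach ($name in $names) {
        # Only plain NetBIOS-style names may reach the AD filter string
        if ($name -notmatch '^[A-Za-z0-9_-]{1,15}$') {
            $action = 'Skip';     $reason = 'Not a valid computer name'
        }
        else {
            $ad = & $AdLookup $name
            if (-not $ad) {
                $action = 'SccmOnly'; $reason = 'No AD computer object found'
            }
            elseif (-not $ad.LastLogonDate) {
                $action = 'Review';   $reason = 'AD object has never logged on'
            }
            elseif ($ad.LastLogonDate -gt $cutoff) {
                $action = 'Keep';     $reason = "AD logon within $Days days"
            }
            else {
                $action = 'Delete';   $reason = "No AD logon for over $Days days"
            }
        }
        [pscustomobject]@{ Name = $name; Action = $action; Reason = $reason }
    }
}

# Constructed sample report and a stubbed lookup, so the logic can be tried without AD
$sample = 'Report title', 'Generated: (constructed)', '',
          'Details_Table0_Netbios_Name0,Details_Table0_Last_Discovery',
          'WS-OLD01,2015-04-01', 'WS-LIVE02,2015-04-02', 'WS-GONE03,2015-03-15', "BAD'NAME,2015-03-01"
$stub = { param($Name) switch ($Name) {
    'WS-OLD01'  { [pscustomobject]@{ LastLogonDate = (Get-Date).AddDays(-90) } }
    'WS-LIVE02' { [pscustomobject]@{ LastLogonDate = (Get-Date).AddDays(-2) } } } }
Get-StaleCandidate -ReportLine $sample -AdLookup $stub | Format-Table -AutoSize
```

Against a real domain, omit -AdLookup and pass `Get-Content` of the exported report as -ReportLine; a 'Keep' result usually points to a broken SCCM client rather than a retired machine.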

2 comments:

  1. Can this now be used directly?

  2. Hello, how to ignore the AD deletion part? I just need to clean the SCCM database.
