Bulk deletion of users


I'm taking over the main administration of the domain for the college I work in. I've come across over 14,500 inactive accounts from the last 6/7/8/? years and want to delete them.

These accounts are under the main tree but under different OUs, so I'm not sure it's a simple task.

I do have a CSV of all the usernames so was hoping there was an easy way to use this.

I've looked through the JRBUtils hoping for a nice tool to help but no luck.

Can anyone point me in the right direction for bulk deleting users across multiple OUs?

  • Verified Answer

    Well, if you have a list of the affected objects with full context, you can script something to generate an LDIF file in the following format:


    dn: cn=user1,ou=someOU,o=someOrg
    changetype: delete

    dn: cn=user2,ou=anotherOU,o=anotherOrg
    changetype: delete


    Import it from the command line or within iManager (ICE), if you prefer.

    Even simpler, if you generate a file in this format




    and save it as let's say "filename.txt" you can enforce it from the CL via e.g.

    LDAPTLS_REQCERT=never ldapdelete -H ldaps://xx.xx.xx.xx:636 -x -D "cn=admin,o=org" -W < filename.txt

  • Works a treat, thanks Mathias! One more on this though: I've just found I need to keep a couple thousand of these accounts another few months, so I want to disable a portion instead of deleting them. Is there a similar command to do this at all? We did try LDAPDISABLE on the off chance it would work.
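
Added example, not part of the thread or any poster's code: a Python script that builds the delete LDIF shown in the verified answer from a CSV of full DNs, dropping duplicates, rows that are not full DNs, and a protected list before anything is imported. The `dn` column name, the sample rows and the `PROTECTED` set are constructed assumptions.

```python
import base64
import csv
import io

# Constructed sample input: one full DN per row under a "dn" header (assumed layout).
SAMPLE_CSV = """dn
"cn=user1,ou=someOU,o=someOrg"
"cn=user2,ou=anotherOU,o=anotherOrg"
"cn=USER1,ou=someOU,o=someOrg"
"cn=admin,o=org"
"cn=José,ou=someOU,o=someOrg"
user3
"""

# Hypothetical safety list: DNs that must never end up in the delete file.
PROTECTED = {"cn=admin,o=org"}


def ldif_dn_line(dn):
    """Return the 'dn:' line, base64-encoded ('dn::') when RFC 2849 requires it."""
    safe = (dn.isascii() and dn.isprintable()
            and dn[0] not in " :<" and not dn.endswith(" "))
    if safe:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")


def build_delete_ldif(csv_text, protected=PROTECTED):
    """Turn a CSV with a 'dn' column into LDIF delete records.

    Returns (ldif_text, skipped); skipped is a list of (value, reason) pairs.
    """
    records, skipped, seen = [], [], set()
    guard = {p.lower() for p in protected}
    for row in csv.DictReader(io.StringIO(csv_text)):
        dn = (row.get("dn") or "").strip()
        key = dn.lower()  # cn, ou and o values match case-insensitively
        if "=" not in dn or "," not in dn:
            skipped.append((dn, "not a full DN"))  # bare username, no context
        elif key in guard:
            skipped.append((dn, "protected"))
        elif key in seen:
            skipped.append((dn, "duplicate"))
        else:
            seen.add(key)
            records.append(ldif_dn_line(dn) + "\nchangetype: delete\n")
    # Records are separated by one blank line, as in the answer's format.
    return "\n".join(records), skipped
```

Review the `skipped` list and the record count before importing the file. The `ldapdelete` command quoted in the answer sets `LDAPTLS_REQCERT=never`, which turns off server certificate verification for the admin bind; pointing `LDAPTLS_CACERT` at the tree's CA certificate keeps that check on.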
