in our SCOM environment, we ended up with a lot of email subscribers - for a lot of users we created a subscriber. and deleting is not possible unless the user is removed from all subscriptions.
so I released already a script to find a subscriber and then remove it from all subscriptions and then delete the subscriber.
this script takes it a step further. it can be used for cleanup of the subscribers (email only).
it will enumerate through all subscribers, check if it has an SMTP subscription, and then try to find the AD user based on the email address (and check if the found user is disabled)
it will then ask you if you want to delete the user (email address)
if you select YES, it will enumerate all subscriptions, and try to find the subscriber (by GUID) and remove it from every subscription. if removal fails with the error "requires at least one recipient" then the entire subscription is deleted. (maybe it would be better to ask first if you want to delete it - but that's up to you- that is pretty easy to implement)
$error.clear()
$ManagementServer = "FQDN"
$Module = get-module|where {$_.Name -match "OperationsManager"}
if (!($Module)){
Write-Host "Import OperationsManager Module"
import-module OperationsManager
}
$Module = get-module|where {$_.Name -match "ActiveDirectory"}
if (!($Module)){
Write-Host "Import ActiveDirectory Module"
import-module ActiveDirectory
}
Write-Host "Connecting to SCOM Management Group"
$ManagementServer = New-Object Microsoft.EnterpriseManagement.ManagementGroup($ManagementServer)
#popup window object
$YesNo = new-object -comobject wscript.shell
Function DeleteSubscriber
{
Param ([string]$SubID,
[String]$user)
$Subscriptions = Get-SCOMNotificationSubscription
foreach ($subscription in $Subscriptions)
{
$SubscriptionName = $subscription.DisplayName
$Recipient = $Null
foreach ($rec in $subscription.ToRecipients)
{
If ($rec.id -match $SubID)
{
$SubscriptionName + " -- " + $subscription.Enabled.ToString()
$Recipient = $rec
}
}
#we first have to exit the foreach loop above, otherwise it fails if we delete the user.
if ($Recipient -ne $Null)
{
try
{
$subscription.ToRecipients.Remove($Recipient)
$subscription.Update()
"deleted $user from" + $subscription.DisplayName
}
catch
{
if ($error[0].exception -match "requires at least one recipient")
{
Get-SCOMNotificationSubscription -Name $subscription.name | Remove-SCOMNotificationSubscription
"deleted subscription " + $subscription.DisplayName + " because $user was the only recipient"
}
}
}
}
"now we delete the subscriber $user with ID " + $SubID
Get-SCOMNotificationSubscriber -id $SubID | Remove-SCOMNotificationSubscriber
if ( $error[0].exception -match "Please call ManagementGroup.Reconnect()")
{
$ManagementServer.Reconnect()
"Subscriber $user was not deleted because it still is linked to a subscribtion"
}
}#END of Function
#Main - let's enumerate all subscribers
$subscribers = Get-SCOMNotificationSubscriber
foreach ($subscriber in $subscribers)
{
foreach ($protocol in $subscriber.devices)
{
if ($protocol.Protocol -eq "Smtp")
{
$email = $protocol.Address.tostring()
$filt = 'mail -eq "' + $email + '"'
$result = Get-ADUser -filter $filt
if ($result.enabled -eq $False -and $result -ne $null)
{
#the found AD account is disabled, so let's ask the question
$usr = $protocol.Address
$subscriber.Name + " -- " + $usr
$intAnswer = $YesNo.popup("Do you want to delete $usr", 0,"Delete User",4)
If ($intAnswer -eq 6)
{ #YES delete the user
DeleteSubscriber -SubID $subscriber.id -user $usr
}
else
{ #No
$protocol.Address + " will not be deleted"
}
}
}
}
}
so I released already a script to find a subscriber and then remove it from all subscriptions and then delete the subscriber.
this script takes it a step further. it can be used for cleanup of the subscribers (email only).
it will enumerate through all subscribers, check if it has an SMTP subscription, and then try to find the AD user based on the email address (and check if the found user is disabled)
it will then ask you if you want to delete the user (email address)
if you select YES, it will enumerate all subscriptions, and try to find the subscriber (by GUID) and remove it from every subscription. if removal fails with the error "requires at least one recipient" then the entire subscription is deleted. (maybe it would be better to ask first if you want to delete it - but that's up to you- that is pretty easy to implement)
$error.clear()
$ManagementServer = "FQDN"
$Module = get-module|where {$_.Name -match "OperationsManager"}
if (!($Module)){
Write-Host "Import OperationsManager Module"
import-module OperationsManager
}
$Module = get-module|where {$_.Name -match "ActiveDirectory"}
if (!($Module)){
Write-Host "Import ActiveDirectory Module"
import-module ActiveDirectory
}
Write-Host "Connecting to SCOM Management Group"
$ManagementServer = New-Object Microsoft.EnterpriseManagement.ManagementGroup($ManagementServer)
#popup window object
$YesNo = new-object -comobject wscript.shell
Function DeleteSubscriber
{
Param ([string]$SubID,
[String]$user)
$Subscriptions = Get-SCOMNotificationSubscription
foreach ($subscription in $Subscriptions)
{
$SubscriptionName = $subscription.DisplayName
$Recipient = $Null
foreach ($rec in $subscription.ToRecipients)
{
If ($rec.id -match $SubID)
{
$SubscriptionName + " -- " + $subscription.Enabled.ToString()
$Recipient = $rec
}
}
#we first have to exit the foreach loop above, otherwise it fails if we delete the user.
if ($Recipient -ne $Null)
{
try
{
$subscription.ToRecipients.Remove($Recipient)
$subscription.Update()
"deleted $user from" + $subscription.DisplayName
}
catch
{
if ($error[0].exception -match "requires at least one recipient")
{
Get-SCOMNotificationSubscription -Name $subscription.name | Remove-SCOMNotificationSubscription
"deleted subscription " + $subscription.DisplayName + " because $user was the only recipient"
}
}
}
}
"now we delete the subscriber $user with ID " + $SubID
Get-SCOMNotificationSubscriber -id $SubID | Remove-SCOMNotificationSubscriber
if ( $error[0].exception -match "Please call ManagementGroup.Reconnect()")
{
$ManagementServer.Reconnect()
"Subscriber $user was not deleted because it still is linked to a subscribtion"
}
}#END of Function
#Main - let's enumerate all subscribers
$subscribers = Get-SCOMNotificationSubscriber
foreach ($subscriber in $subscribers)
{
foreach ($protocol in $subscriber.devices)
{
if ($protocol.Protocol -eq "Smtp")
{
$email = $protocol.Address.tostring()
$filt = 'mail -eq "' + $email + '"'
$result = Get-ADUser -filter $filt
if ($result.enabled -eq $False -and $result -ne $null)
{
#the found AD account is disabled, so let's ask the question
$usr = $protocol.Address
$subscriber.Name + " -- " + $usr
$intAnswer = $YesNo.popup("Do you want to delete $usr", 0,"Delete User",4)
If ($intAnswer -eq 6)
{ #YES delete the user
DeleteSubscriber -SubID $subscriber.id -user $usr
}
else
{ #No
$protocol.Address + " will not be deleted"
}
}
}
}
}
No comments:
Post a Comment