# Script parameters.
#   'All' set        : -ComputerName plus the -All switch.
#   'Individual' set : -ComputerName plus any mix of -AD, -AAD, -Intune, -Autopilot, -ConfigMgr.
# NOTE(review): the script body tests $PSBoundParameters.ContainsKey("All"), so the
# $True default on -All is not what enables the "everything" path; the switch has to
# be passed explicitly. Confirm this is the intended behaviour.
[CmdletBinding(DefaultParameterSetName = 'All')]
Param
(
    # One or more device names; accepted from the pipeline by value or by property name.
    [Parameter(
        ParameterSetName = 'All',
        Mandatory = $true,
        ValueFromPipelineByPropertyName = $true,
        ValueFromPipeline = $true
    )]
    [Parameter(
        ParameterSetName = 'Individual',
        Mandatory = $true,
        ValueFromPipelineByPropertyName = $true,
        ValueFromPipeline = $true
    )]
    [string[]]
    $ComputerName,

    # Remove the device from every supported directory / management service.
    [Parameter(ParameterSetName = 'All')]
    [switch]
    $All = $True,

    # Remove the computer account from on-premises Active Directory.
    [Parameter(ParameterSetName = 'Individual')]
    [switch]
    $AD,

    # Remove the device object from Azure AD.
    [Parameter(ParameterSetName = 'Individual')]
    [switch]
    $AAD,

    # Remove the managed device record from Intune.
    [Parameter(ParameterSetName = 'Individual')]
    [switch]
    $Intune,

    # Remove the Windows Autopilot device identity.
    [Parameter(ParameterSetName = 'Individual')]
    [switch]
    $Autopilot,

    # Remove the device record from ConfigMgr.
    [Parameter(ParameterSetName = 'Individual')]
    [switch]
    $ConfigMgr
)
<#
******************
** REQUIREMENTS **
******************
For AD, the host workstation must be joined to the domain and have line-of-sight to a domain controller.
For ConfigMgr, the host workstation must have the ConfigMgr PowerShell module installed.
For Azure AD, Intune and Autopilot, the Microsoft Graph PowerShell enterprise application with app Id 14d82eec-204b-4c2f-b7e8-296a70dab67e must have the following
permissions granted with admin consent:
- Directory.AccessAsUser.All (for Azure AD)
- DeviceManagementManagedDevices.ReadWrite.All (for Intune)
- DeviceManagementServiceConfig.ReadWrite.All (for Autopilot)
For all scenarios, the user account must have the appropriate permissions to read and delete the device records.
The required MS Graph modules will be installed for the user if not already present.
!! Updated 2023-07-14 to use v2 of the Microsoft Graph PowerShell SDK !!
#>
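Begin
{
    # Runs once, before any computer name is processed: loads the modules each
    # requested back end needs and opens the Microsoft Graph session.
    Set-Location $env:SystemDrive

    # Which back ends were asked for. Only explicitly bound switches count.
    $AllRequested   = $PSBoundParameters.ContainsKey("All")
    $GraphRequested = $AllRequested -or $PSBoundParameters.ContainsKey("AAD") -or $PSBoundParameters.ContainsKey("Intune") -or $PSBoundParameters.ContainsKey("Autopilot")

    # Load required modules
    #region Modules
    If ($GraphRequested)
    {
        Write-Host "Importing modules"

        # Get NuGet
        $provider = Get-PackageProvider NuGet -ErrorAction Ignore
        if (-not $provider)
        {
            Write-Host "Installing provider NuGet..." -NoNewline
            try
            {
                Find-PackageProvider -Name NuGet -ForceBootstrap -IncludeDependencies -Force -ErrorAction Stop
                Write-Host "Success" -ForegroundColor Green
            }
            catch
            {
                Write-Host "Failed" -ForegroundColor Red
                # throw terminates the script; nothing after it would run.
                throw $_.Exception.Message
            }
        }

        # NOTE(review): Install-Module -Force takes whatever version the registered
        # repository currently serves and suppresses the untrusted-repository prompt.
        # On admin workstations consider pre-staging reviewed module versions (or
        # pinning with -RequiredVersion) so this script never installs code on demand.
        $GraphModules = @(
            'Microsoft.Graph.Identity.DirectoryManagement'
            'Microsoft.Graph.DeviceManagement'
            'Microsoft.Graph.DeviceManagement.Enrollment'
        )
        foreach ($GraphModule in $GraphModules)
        {
            $module = Import-Module $GraphModule -PassThru -ErrorAction Ignore
            if (-not $module)
            {
                Write-Host "Installing module $GraphModule..." -NoNewline
                try
                {
                    Install-Module $GraphModule -Scope CurrentUser -Force -ErrorAction Stop
                    Write-Host "Success" -ForegroundColor Green
                }
                catch
                {
                    Write-Host "Failed" -ForegroundColor Red
                    throw $_.Exception.Message
                }
            }
        }
    }

    If ($PSBoundParameters.ContainsKey("ConfigMgr") -or $AllRequested)
    {
        # The ConfigMgr console publishes its install path in SMS_ADMIN_UI_PATH;
        # the module manifest sits next to the i386 folder named in that path.
        $SMSEnvVar = [System.Environment]::GetEnvironmentVariable('SMS_ADMIN_UI_PATH')
        If (-not $SMSEnvVar)
        {
            throw "SMS_ADMIN_UI_PATH environment variable not found"
        }

        $ModulePath = $SMSEnvVar.Replace('i386','ConfigurationManager.psd1')
        if (-not [System.IO.File]::Exists($ModulePath))
        {
            throw "ConfigMgr module not found"
        }

        try
        {
            Import-Module $ModulePath -ErrorAction Stop
        }
        catch
        {
            throw "Failed to import ConfigMgr module: $($_.Exception.Message)"
        }
    }
    #endregion

    #region Auth
    If ($GraphRequested)
    {
        # Least privilege: request only the delegated scopes the selected switches
        # use, instead of always asking for all three.
        #  - Directory.AccessAsUser.All                   : Azure AD device lookup and removal
        #  - DeviceManagementManagedDevices.ReadWrite.All : Intune lookup and removal. The
        #    Autopilot path needs it too, because the Process block reads (and removes)
        #    the Intune record to obtain the serial number.
        #  - DeviceManagementServiceConfig.ReadWrite.All  : Autopilot identity removal
        $GraphScopes = @()
        If ($AllRequested -or $PSBoundParameters.ContainsKey("AAD"))
        {
            $GraphScopes += "Directory.AccessAsUser.All"
        }
        If ($AllRequested -or $PSBoundParameters.ContainsKey("Intune") -or $PSBoundParameters.ContainsKey("Autopilot"))
        {
            $GraphScopes += "DeviceManagementManagedDevices.ReadWrite.All"
        }
        If ($AllRequested -or $PSBoundParameters.ContainsKey("Autopilot"))
        {
            $GraphScopes += "DeviceManagementServiceConfig.ReadWrite.All"
        }

        Write-Host "Authenticating..." -NoNewline
        try
        {
            $null = Connect-MgGraph -Scopes $GraphScopes -ErrorAction Stop
            Write-Host "Success" -ForegroundColor Green
        }
        catch
        {
            Write-Host "Failed" -ForegroundColor Red
            throw $_.Exception.Message
        }
    }
    #endregion
}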
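Process
{
    # For every supplied name: locate the device in each selected back end and
    # delete it only when exactly one record is found there.
    foreach ($Computer in $ComputerName)
    {
        Write-Host "==============="
        Write-host "$($Computer.ToUpper())"
        Write-Host "==============="

        # Reset per-device state. Without this, a lookup failure (or an Intune
        # record) left over from a previous name in the list would steer the
        # decisions made for this one.
        $LocateInAADFailure       = $false
        $LocateInIntuneFailure    = $false
        $LocateInAutopilotFailure = $false
        $LocateInConfigMgrFailure = $false
        $IntuneDevice             = $null
        $AutopilotDevice          = $null

        #region AD
        If ($PSBoundParameters.ContainsKey("AD") -or $PSBoundParameters.ContainsKey("All"))
        {
            Try
            {
                Write-host "Locating device in " -NoNewline
                Write-host "Active Directory" -ForegroundColor Blue -NoNewline
                Write-Host "..." -NoNewline

                # Escape LDAP filter metacharacters (RFC 4515) so that a name holding
                # '*', '(' , ')' or '\' is matched literally and cannot widen the search
                # that decides which account gets deleted. Backslash must go first.
                $LdapName = $Computer.Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29').Replace([string][char]0,'\00')

                $Searcher = [ADSISearcher]::new()
                # objectCategory=computer keeps other accounts whose sAMAccountName
                # ends in '$' (managed service accounts, trust accounts) out of reach.
                $Searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$LdapName`$))"
                [void]$Searcher.PropertiesToLoad.Add("distinguishedName")
                $ComputerAccount = $Searcher.FindOne()
                If ($ComputerAccount)
                {
                    Write-host "Success" -ForegroundColor Green
                    Write-Host "Removing device from" -NoNewline
                    Write-Host "Active Directory" -NoNewline -ForegroundColor Blue
                    Write-Host "..." -NoNewline
                    $DirectoryEntry = $ComputerAccount.GetDirectoryEntry()
                    # DeleteTree also removes child objects stored under the computer account.
                    $DirectoryEntry.DeleteTree()
                    Write-Host "Success" -ForegroundColor Green
                }
                Else
                {
                    Write-host "Fail" -ForegroundColor Red
                    Write-Warning "Device not found in Active Directory"
                }
            }
            Catch
            {
                Write-host "Fail" -ForegroundColor Red
                Write-Error "$($_.Exception.Message)"
            }
        }
        #endregion

        #region AzureAD
        If ($PSBoundParameters.ContainsKey("AAD") -or $PSBoundParameters.ContainsKey("All"))
        {
            Write-Host "Locating device in" -NoNewline
            Write-Host " Azure AD" -NoNewline -ForegroundColor Yellow
            Write-Host "..." -NoNewline
            try
            {
                # -Search on displayName is a tokenised match, so it can return devices
                # whose name merely starts with the requested one. Keep exact matches
                # only, otherwise a lone near-match would be deleted.
                $AADMatches = @(Get-MgDevice -Search "displayName:$Computer" -CountVariable CountVar -ConsistencyLevel eventual -ErrorAction Stop |
                    Where-Object { $_.DisplayName -eq $Computer })
            }
            catch
            {
                Write-Host "Fail" -ForegroundColor Red
                Write-Error "$($_.Exception.Message)"
                $LocateInAADFailure = $true
            }
            If ($LocateInAADFailure -ne $true)
            {
                If ($AADMatches.Count -eq 1)
                {
                    $AADDevice = $AADMatches[0]
                    Write-Host "Success" -ForegroundColor Green
                    Write-Host " DisplayName: $($AADDevice.DisplayName)"
                    Write-Host " ObjectId: $($AADDevice.Id)"
                    Write-Host " DeviceId: $($AADDevice.DeviceId)"
                    Write-Host "Removing device from" -NoNewline
                    Write-Host " Azure AD" -NoNewline -ForegroundColor Yellow
                    Write-Host "..." -NoNewline
                    try
                    {
                        $Result = Remove-MgDevice -DeviceId $AADDevice.Id -PassThru -ErrorAction Stop
                        If ($Result -eq $true)
                        {
                            Write-Host "Success" -ForegroundColor Green
                        }
                        else
                        {
                            Write-Host "Fail" -ForegroundColor Red
                        }
                    }
                    catch
                    {
                        Write-Host "Fail" -ForegroundColor Red
                        Write-Error "$($_.Exception.Message)"
                    }
                }
                ElseIf ($AADMatches.Count -gt 1)
                {
                    # A display name is not a unique key; refuse rather than guess
                    # which record the operator meant.
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Multiple devices found in Azure AD. The device display name must be unique."
                }
                else
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Device not found in Azure AD"
                }
            }
        }
        #endregion

        #region Intune
        # Also runs for -Autopilot: the Autopilot lookup below needs the serial
        # number from the Intune record, and the Intune record is removed here too.
        If ($PSBoundParameters.ContainsKey("Intune") -or $PSBoundParameters.ContainsKey("Autopilot") -or $PSBoundParameters.ContainsKey("All"))
        {
            Write-Host "Locating device in" -NoNewline
            Write-Host " Intune" -NoNewline -ForegroundColor Cyan
            Write-Host "..." -NoNewline
            try
            {
                # OData string literals escape a single quote by doubling it; without
                # this a quote in the name would change the filter expression.
                $ODataName = $Computer.Replace("'","''")
                $IntuneDevice = Get-MgDeviceManagementManagedDevice -Filter "deviceName eq '$ODataName'" -ErrorAction Stop
            }
            catch
            {
                Write-Host "Fail" -ForegroundColor Red
                Write-Error "$($_.Exception.Message)"
                $LocateInIntuneFailure = $true
            }
            If ($LocateInIntuneFailure -ne $true)
            {
                If ($IntuneDevice.Count -eq 1)
                {
                    Write-Host "Success" -ForegroundColor Green
                    Write-Host " DeviceName: $($IntuneDevice.DeviceName)"
                    Write-Host " ObjectId: $($IntuneDevice.Id)"
                    Write-Host " AzureAdDeviceId: $($IntuneDevice.AzureAdDeviceId)"
                    Write-Host "Removing device from" -NoNewline
                    Write-Host " Intune" -NoNewline -ForegroundColor Cyan
                    Write-Host "..." -NoNewline
                    try
                    {
                        $Result = Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $IntuneDevice.Id -PassThru -ErrorAction Stop
                        If ($Result -eq $true)
                        {
                            Write-Host "Success" -ForegroundColor Green
                        }
                        else
                        {
                            Write-Host "Fail" -ForegroundColor Red
                        }
                    }
                    catch
                    {
                        Write-Host "Fail" -ForegroundColor Red
                        Write-Error "$($_.Exception.Message)"
                    }
                }
                ElseIf ($IntuneDevice.Count -gt 1)
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Multiple devices found in Intune. The device display name must be unique."
                }
                else
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Device not found in Intune"
                }
            }
        }
        #endregion

        #region Autopilot
        # Only attempted when exactly one Intune record was found for this name.
        If (($PSBoundParameters.ContainsKey("Autopilot") -or $PSBoundParameters.ContainsKey("All")) -and $IntuneDevice.Count -eq 1)
        {
            Write-Host "Locating device in" -NoNewline
            Write-Host " Windows Autopilot" -NoNewline -ForegroundColor Cyan
            Write-Host "..." -NoNewline

            $SerialNumber = "$($IntuneDevice.SerialNumber)"
            If ([string]::IsNullOrWhiteSpace($SerialNumber))
            {
                # contains(serialNumber,'') would match every Autopilot identity in the
                # tenant; never query (or delete) on an empty serial number.
                Write-Host "Fail" -ForegroundColor Red
                Write-Warning "Intune record has no serial number; skipping Windows Autopilot"
                $LocateInAutopilotFailure = $true
            }
            else
            {
                try
                {
                    # NOTE(review): contains() is a substring match, so a short serial can
                    # also match a longer one; the single-result check below is the only
                    # guard against that.
                    $ODataSerial = $SerialNumber.Replace("'","''")
                    $AutopilotDevice = Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -Filter "contains(serialNumber,'$ODataSerial')" -ErrorAction Stop
                }
                catch
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Error "$($_.Exception.Message)"
                    $LocateInAutopilotFailure = $true
                }
            }
            If ($LocateInAutopilotFailure -ne $true)
            {
                If ($AutopilotDevice.Count -eq 1)
                {
                    Write-Host "Success" -ForegroundColor Green
                    Write-Host " SerialNumber: $($AutopilotDevice.SerialNumber)"
                    Write-Host " Id: $($AutopilotDevice.Id)"
                    Write-Host " ManagedDeviceId: $($AutopilotDevice.ManagedDeviceId)"
                    Write-Host " Model: $($AutopilotDevice.Model)"
                    Write-Host " GroupTag: $($AutopilotDevice.GroupTag)"
                    Write-Host "Removing device from" -NoNewline
                    Write-Host " Windows Autopilot" -NoNewline -ForegroundColor Cyan
                    Write-Host "..." -NoNewline
                    try
                    {
                        $Result = Remove-MgDeviceManagementWindowsAutopilotDeviceIdentity -WindowsAutopilotDeviceIdentityId $AutopilotDevice.Id -PassThru -ErrorAction Stop
                        If ($Result -eq $true)
                        {
                            Write-Host "Success" -ForegroundColor Green
                        }
                        else
                        {
                            Write-Host "Fail" -ForegroundColor Red
                        }
                    }
                    catch
                    {
                        Write-Host "Fail" -ForegroundColor Red
                        Write-Error "$($_.Exception.Message)"
                    }
                }
                ElseIf ($AutopilotDevice.Count -gt 1)
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Multiple devices found in Windows Autopilot. The serial number must be unique."
                    # NOTE(review): Continue moves on to the next computer name, so the
                    # ConfigMgr step is skipped for this device. Confirm that is intended.
                    Continue
                }
                else
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Device not found in Windows Autopilot"
                }
            }
        }
        #endregion

        #region ConfigMgr
        If ($PSBoundParameters.ContainsKey("ConfigMgr") -or $PSBoundParameters.ContainsKey("All"))
        {
            Write-host "Locating device in " -NoNewline
            Write-host "ConfigMgr " -ForegroundColor Magenta -NoNewline
            Write-host "..." -NoNewline
            Try
            {
                # ConfigMgr cmdlets only work from the site's PSDrive.
                $SiteCode = (Get-PSDrive -PSProvider CMSITE -ErrorAction Stop).Name
                Set-Location ("$SiteCode" + ":") -ErrorAction Stop
                [array]$ConfigMgrDevices = Get-CMDevice -Name $Computer -Fast -ErrorAction Stop
            }
            Catch
            {
                Write-Host "Fail" -ForegroundColor Red
                Write-Error "$($_.Exception.Message)"
                $LocateInConfigMgrFailure = $true
            }
            If ($LocateInConfigMgrFailure -ne $true)
            {
                If ($ConfigMgrDevices.count -eq 1)
                {
                    $ConfigMgrDevice = $ConfigMgrDevices[0]
                    Write-Host "Success" -ForegroundColor Green
                    Write-Host " ResourceID: $($ConfigMgrDevice.ResourceID)"
                    Write-Host " SMSID: $($ConfigMgrDevice.SMSID)"
                    Write-Host " UserDomainName: $($ConfigMgrDevice.UserDomainName)"
                    Write-Host "Removing device from" -NoNewline
                    Write-Host " ConfigMgr" -NoNewline -ForegroundColor Magenta
                    Write-Host "..." -NoNewline
                    try
                    {
                        Remove-CMDevice -InputObject $ConfigMgrDevice -Force -ErrorAction Stop
                        Write-Host "Success" -ForegroundColor Green
                    }
                    catch
                    {
                        Write-Host "Fail" -ForegroundColor Red
                        Write-Error "$($_.Exception.Message)"
                    }
                }
                ElseIf ($ConfigMgrDevices.Count -gt 1)
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Multiple devices found in ConfigMgr The device name must be unique."
                    Continue
                }
                else
                {
                    Write-Host "Fail" -ForegroundColor Red
                    Write-Warning "Device not found in ConfigMgr"
                }
            }
        }
        #endregion
    }
}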
End
{
    # Leave the ConfigMgr site drive (if it was entered) and go back to the system drive.
    Set-Location $env:SystemDrive

    # A Graph session exists only when one of these switches was explicitly bound.
    $GraphSessionOpened = $false
    foreach ($SwitchName in "AAD","Intune","Autopilot","All")
    {
        if ($PSBoundParameters.ContainsKey($SwitchName))
        {
            $GraphSessionOpened = $true
            break
        }
    }

    # Sign out so the token does not stay cached in this session; errors are ignored.
    if ($GraphSessionOpened)
    {
        $null = Disconnect-MgGraph -ErrorAction SilentlyContinue
    }
}
No. If there is only one instance of the device, it will delete it. However, if it detects the same computer name multiple times in Azure AD, it will not delete it. It will just delete it from Intune and Autopilot. It gives an error saying it cannot delete the device if there are multiple instances with the same name, or something like that.
No. If there is only one instance of the device, it will delete it. However, if it detects the same computer name multiple times in Azure AD, it will not delete it. It will just delete it from Intune and Autopilot. It gives an error saying it cannot delete the device if there are multiple instances with the same name, or something like that.
Shoot... well sorry to hear that but for me it deletes all. It shows me all different device IDs in AAD and deletes them too.
I can't figure out why it's not deleting the devices in Azure AD if there is multiple of the same computer name. Lines 250-254 of the script is the error it is throwing. If I can figure out where in the script it is looking to see how many devices are in Azure AD with same name, I may be able to get it working. But I'm not sure.
ElseIf ($AADDevice.Count -gt 1)
{
Write-Host "Fail" -ForegroundColor Red
Write-Warning "Multiple devices found in Azure AD. The device display name must be unique."
}
I can't figure out why it's not deleting the devices in Azure AD if there is multiple of the same computer name. Lines 250-254 of the script is the error it is throwing. If I can figure out where in the script it is looking to see how many devices are in Azure AD with same name, I may be able to get it working. But I'm not sure.
ElseIf ($AADDevice.Count -gt 1) { Write-Host "Fail" -ForegroundColor Red Write-Warning "Multiple devices found in Azure AD. The device display name must be unique." }
Line 210 gets the device from AzureAD, or should I say Entra now?! Anyway, since the computer name is not a unique identifier if more than one device is returned it won’t process any of them since there is no way to know which device record you intended to delete without a UID. If you change the logic to allow that you risk unwanted deletions. Of course in an ideal world there would be no duplicate device names - I could wish that were a UID!
Hey,
First of all, many thanks for the script! Really useful!!!
Question: If I have a CSV file with a list of computers to be deleted instead deleting one by one, what should add to the script and where exactly within the script?
I'm newbie with scripts.
Many thanks in advance!
Best regardsHey it is answered 2 replies above. by @pctech2006 "
$computer_list = Import-Csv "c:\Scripts\ComputerName.csv"
foreach ($computer in $computer_list) { C:\Delete-AutopilotedDeviceRecords.ps1 -ComputerName $($computer.ComputerName) -Autopilot -AAD -Intune }
I was actually able to accomplish this by editing lines 150 and 151 to include -ClientId, -TenantId, and -CertificateThumbprint. Also had to add Appication permissions to the API and add the certificate to the API. When I run the computer list script it then calls the Delete-AutopilotedDeviceRecords.ps1 and authenticates automatically and removes all devices in the list. Thanks for your help."
CheersHey,
I saw that answer, but I don't know how to make it...
Should I paste that lines between lines 150 & 151 of the script? Also I don't understand the last paragraph...
Sorry, but I'm almost dumb with scripts. A pasted script would be helpful if possible...
Thanks,
Best regards
I was wondering if you got this figured out, I need to remove almost 1.5k devices and gets a little annoying
***I edited out the last part and it will run continuously without prompting LIne 451-456
#Set-Location $env:SystemDrive
#If ($PSBoundParameters.ContainsKey("AAD") -or $PSBoundParameters.ContainsKey("Intune") -or $PSBoundParameters.ContainsKey("Autopilot") -or $PSBoundParameters.ContainsKey("All"))
#{
$null = Disconnect-MgGraph -ErrorAction SilentlyContinue
#}
@kdragon15047 You have to create another ps1 script to import your csv and call the Delete-AutopilotedDeviceRecords.ps1 script.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
$computer_list = Import-Csv "PATH TO CSV FILE"
foreach ($computer in $computer_list)
{
\PATH TO\Delete-AutopilotedDeviceRecords.ps1 -ComputerName $($computer.ComputerName) -Autopilot -AAD -Intune
}
@kdragon15047 Paste these two lines to replace lines 150 and 151 of the script. You will have to have Microsoft Graph set up in Azure and you will have to generate a certificate thumbprint in Azure. Replace the X's in the following lines with your own Client ID, Tenant ID, and Certificate Thumbprint. The real values will be longer than the X's shown here.
$null = Connect-MgGraph -ClientID xxxxxxxxxxxxxx -TenantId xxxxxxxxxxxxxxxx -CertificateThumbprint xxxxxxxxxxxxxxxx -ErrorAction Stop
#$null = Connect-MgGraph -ClientID xxxxxxxxxxxxxx -TenantId xxxxxxxxxxxxxxxx -CertificateThumbprint xxxxxxxxxxxxxxxx -ErrorAction Stop
Hey all, as it seems a popular request I've updated the script to work for multiple computers without requiring re-authentication. Simply call the script providing multiple computer names in a string array, eg:
Delete-DeviceRecords -ComputerName @("PC001","PC002") ...
Or use a variable containing multiple names:
$ComputerNames = @(
"PC001"
"PC002"
)
Delete-DeviceRecords -ComputerName $ComputerNames ...
I am having issues launching the script with an array. What am I missing? It seems to error everytime on the second device in the array. Any advise, I am sure I am missing something simple. Here is what I have tried and the error I am getting:
Tried this (entered my actual computer names instead of the examples, but used same exact formatting):
$ComputerNames = @(
"PC001"
"PC002"
)
Ran this command from PS: powershell.exe -File C:\Scripts\Delete-DeviceRecords.ps1 -ComputerName $ComputerNames -All
and got this error (I replaced the computer name with the example one):
C:\Scripts\Delete-DeviceRecordsDev.ps1 : A positional parameter cannot be found that accepts argument 'PC002'.
+ CategoryInfo : InvalidArgument: (:) [Delete-DeviceRecordsDev.ps1], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Delete-DeviceRecords.ps1
The script works fine if I just specify an individual device like this: powershell.exe -File C:\Scripts\Delete-DeviceRecordsDev.ps1 -ComputerName PC002 -All
Thanks
I am having issues launching the script with an array. What am I missing? It seems to error every time on the second device in the array. Any advice? I am sure I am missing something simple. Here is what I have tried and the error I am getting:
Tried this (entered my actual computer names instead of the examples, but used same exact formatting):
$ComputerNames = @(
"PC001"
"PC002"
)
Ran this command from PS: powershell.exe -File C:\Scripts\Delete-DeviceRecords.ps1 -ComputerName $ComputerNames -All
and got this error:
C:\Scripts\Delete-DeviceRecords.ps1 : A positional parameter cannot be found that accepts argument 'PC002'.
+ CategoryInfo : InvalidArgument: (:) [Delete-DeviceRecords.ps1], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Delete-DeviceRecords.ps1
The script works fine if I just specify an individual device like this:
Thanks
Hoping some has a better way to use this script without having to generate a certificate on the API. This seems so complicated for organizations that have to remove 100s or 1000s of computers every year.
I have a list of serial numbers and even computer names. I thought about using Microsoft Graph Explorer but that wants the Entra Device ID it seems.
I can't figure out why it's not deleting the devices in Azure AD if there is multiple of the same computer name. Lines 250-254 of the script is the error it is throwing. If I can figure out where in the script it is looking to see how many devices are in Azure AD with same name, I may be able to get it working. But I'm not sure.
ElseIf ($AADDevice.Count -gt 1) { Write-Host "Fail" -ForegroundColor Red Write-Warning "Multiple devices found in Azure AD. The device display name must be unique." }
Line 210 gets the device from AzureAD, or should I say Entra now?! Anyway, since the computer name is not a unique identifier if more than one device is returned it won’t process any of them since there is no way to know which device record you intended to delete without a UID. If you change the logic to allow that you risk unwanted deletions. Of course in an ideal world there would be no duplicate device names - I could wish that were a UID!
any progress/change regarding duplicate devices?
I can't figure out why it's not deleting the devices in Azure AD if there is multiple of the same computer name. Lines 250-254 of the script is the error it is throwing. If I can figure out where in the script it is looking to see how many devices are in Azure AD with same name, I may be able to get it working. But I'm not sure.
ElseIf ($AADDevice.Count -gt 1) { Write-Host "Fail" -ForegroundColor Red Write-Warning "Multiple devices found in Azure AD. The device display name must be unique." }
Line 210 gets the device from AzureAD, or should I say Entra now?! Anyway, since the computer name is not a unique identifier if more than one device is returned it won’t process any of them since there is no way to know which device record you intended to delete without a UID. If you change the logic to allow that you risk unwanted deletions. Of course in an ideal world there would be no duplicate device names - I could wish that were a UID!
any progress/change regarding duplicate devices?
As mentioned previously, the script won't delete duplicates by design. if you want to allow deletion of duplicates, you'll need to remove that "ElseIf ($AADDevice.Count -gt 1)" code section and modify the IF statement with a for..each loop to process each device in the $AADDevice variable.
ah i seee, thanks
Hi - great script, but I am currently having difficulty with removing devices from Intune - everything else is working a treat!
If I run the line to just remove from Intune:
.\Delete-DeviceRecords.ps1 -ComputerName MyPC -Intune
I get the following:
MyPC
Locating device in Intune...Fail
C:\Intune Files\Scripts\Maintenance\Delete-DeviceRecords.ps1 : [InternalServerError] : {
"_version": 3,
"Message": "An internal server error has occurred - Operation ID (for customer support):
00000000-0000-0000-0000-000000000000 - Activity ID: e73e2374-5ee2-46f5-bcb7-7dcf797c224b - Url: https://fef.msub01.mana
ge.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices?api-version=2023-10-19&$filter=devic
eName+eq+%27MyPC%27",
"CustomApiErrorPhrase": "",
"RetryAfter": null,
"ErrorSourceService": "",
"HttpHeaders": "{}"
}
At line:1 char:1
- .\Delete-DeviceRecords.ps1 -ComputerName MyPC -Intune
-
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Delete-DeviceRecords.ps1
The device does exist in Intune. I can use the normal command from the same PS window to remove it
Remove-MgDeviceManagementManagedDevice -ManagedDeviceId xxxxxxxxxxxx
Curious. I couldn't reproduce that error. Is there something strange about the real device name?
No, nothing at all. It did used to work too! Do I need a specific version of any of the modules, as I think I used to use it on an older machine
It is this line that is generating the problem $IntuneDevice = Get-MgDeviceManagementManagedDevice -Filter "deviceName eq 'devicename'" -ErrorAction Stop
I changed the variable to the actual device name and got the same fault. Very odd. Tried on a different device and let the script install all the modules.
I have the same result too. One correct device name and one with a completely different name and object. I understand instances where the device has an old record and a new one with the same name. But that’s not the case. I opened an issue with Microsoft on this get-MgDeviceManagementManagedDevice. Thank goodness your script returns an error if more than one is found or else I’d be having users wondering why their devices are not working correctly because their device got deleted by mistake.
Interesting...possibly a bug with the Get-MgDeviceManagementManagedDevice cmdlet in a certain module version then? I still have 2.12.0 of the Microsoft.Graph.DeviceManagement module installed and don't get any errors. Seems like the current version is 2.19.0.
I did have the same version, so I ended up deleting all the graph modules then ran the script again from a new PS session. It reinstalled everything and worked! Bit odd but that's computers for you. Thanks for the script. Working great!
Is anyone else having issues with devices being removed from Azure AD? I have deleted all graph modules and run the script again.
Removing device from Azure AD...Fail
Write-Error: [Authorization_RequestDenied] : Insufficient privileges to complete the operation.
It doesn't do that for you? Works for me and I am using stock script.