-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add script to automate account deletion #1508
Add script to automate account deletion #1508
Conversation
Do the second one. Uploading scripts to the SHM is complex (we upload them to a storage account and then copy them to the SHM). It's only necessary for scripts that need to be run in a GUI (eg. ones that have an AAD login pop-up). Remote scripts will hang if there is any kind of error in them (also can't be retried for 90 minutes). Make sure you test interactively but non-destructively on the DC. |
The command in this remote script won't give an output, but this should be something that is easy for an SHM admin to check manually @JimMadge maybe I should add a second part of the script that prints out the remaining users and their security group or something like that, for the purpose of checking? |
Yes something like a before and after list of users could work. It feels like this is place where it is important to understand what has happened. An admin will need to confirm the users were removed correctly (and fix any cases where removing a user failed). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple of thoughts here.
- It would be good to add a dry-run flag (typically done using
[CmdletBinding(SupportsShouldProcess=$True)]
which gives you a -WhatIf flag) to show which users would be removed without doing it - The script called
SRE_Delete_Unassigned_Users.ps1
doesn't have anything to do with SREs, right? Maybe change the name.
Co-authored-by: James Robinson <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - if it works :)
@jemrobinson please merge I'm not allowed |
✅ Checklist
Enable foobar integration
rather than515 foobar
).develop
.'[WIP]'
to the title if needed (if you're not yet ready to merge)../tests/AutoFormat_Powershell.ps1 -TargetPath <path to file or directory>
for Powershell).@alan-turing-institute/data-safe-haven-code-administrators I will add instructions on how/when to use this script in the Turing context to the Turing TRESA docs, but for the DSH docs I think this is sufficient
🌂 Related issues
Turing internal production environments repo: https://github.com/alan-turing-institute/trusted-research/issues/224
🔬 Tests