Removing user from ADSI from *other ldap domain*

Our application allows the customer to authenticate to their own domain via LDAP, but we keep a cached copy of those logons and accounts in “myserver” ADSI. Due to limitations with another part of our application, I have a need to delete several thousand of those cached accounts from myserver ADSI.

Keep in mind that this is NOT FOR MY DOMAIN but for the customer’s domain. And no, I’m not trying to delete accounts in THEIR domain, just our cached copies in ADSI.

The following line of code does NOT throw an error, but it also does NOT delete the acct (neither does piping it to “remove-aduser”):

Get-ADObject -Server "myserver:3890" -SearchBase ",CN=Authentication Sources,O=Enterprise,CN=DifferentDirectory" -filter {name -eq "testuser"} | remove-adobject

Side note: I can query this tree of the default naming context just fine

Get-ADObject -Server "myserver:3890" -filter 'objectclass -like "*"' -SearchBase ",CN=Authentication Sources,O=Enterprise,CN=DifferentDirectory"

or I can use the -ldapfilter switch to get pertinent info about a specific account.

It’s a weird situation since I’m NOT dealing with accounts in my own domain. Many other variations on this theme throw errors referencing my own domain, partitions, etc. I’ve worked through all of those I think. The above examples SHOULD work in my opinion.

Final note: I CAN delete the user in the ADSIEDIT gui but as mentioned, they have given me a list of thousands of accts that need removing. There’s gotta be a way?!

I figured it out (I’m feeding it a list of $users)

Get-ADObject -Server "myserver:3890" -SearchBase ",CN=Authentication Sources,O=Enterprise,CN=DifferentdirectoryDirectory" -Filter * | Where-Object {$_.Name -eq "$user"} | Remove-ADObject -confirm:$false
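
A batch version of the cleanup, as an added example that is not the poster's code: it looks up each listed name with an escaped LDAP filter on the server instead of pulling every object, skips ambiguous matches, defaults to a dry run and writes a log. The search base, the file paths and the `$Commit` switch are placeholders or assumptions; only `myserver:3890` and the `name` attribute come from the post.

```powershell
# Added example. 'myserver:3890' is from the post; all other values are placeholders.
Import-Module ActiveDirectory

$Server     = 'myserver:3890'
$SearchBase = '<DN of the container that holds the cached accounts>'  # placeholder
$ListPath   = '.\accounts-to-remove.txt'   # hypothetical file, one account name per line
$LogPath    = '.\removal-log.csv'          # hypothetical audit log
$Commit     = $false                       # $false = dry run through -WhatIf

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping, so a name from the list cannot change the filter's meaning
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($ch) -ge 0 -or [int]$ch -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

$names = Get-Content $ListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$results = foreach ($name in $names) {
    $filter = '(name={0})' -f (ConvertTo-LdapFilterValue $name)
    $found  = @(Get-ADObject -Server $Server -SearchBase $SearchBase -LDAPFilter $filter)

    if ($found.Count -eq 0) {
        $status = 'NotFound'
    } elseif ($found.Count -gt 1) {
        $status = 'Ambiguous'              # more than one hit: skip, review by hand
    } else {
        try {
            # -Server is passed again so the delete goes to the same instance as the lookup
            Remove-ADObject -Identity $found[0].DistinguishedName -Server $Server `
                -Confirm:$false -WhatIf:(-not $Commit) -ErrorAction Stop
            $status = if ($Commit) { 'Removed' } else { 'DryRun' }
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ Name = $name; Matches = $found.Count; Status = $status }
}

$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Run it once with `$Commit = $false` and review the log for `NotFound` and `Ambiguous` rows before setting it to `$true`.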