01-19-2006 01:12 PM - edited 03-10-2019 02:26 PM
I have ACS doing pass-thru authentication to an external database, and we have recently changed our user naming convention from first name + last initial to first initial + last name.
Is there a way to delete users that ACS has created dynamically, other than one by one? Can CSUtil.exe be used to accomplish this task, or is there some other command line procedure?
I don't want to delete ALL the users in the database, there are just a few that I want to remain, but not too many that I am opposed to recreating them if need be.
Any help is appreciated. Thanks in advance.
Solved! Go to Solution.
01-24-2006 06:27 AM
I would export all users to a text file. Then Isolate those users, for example in excel, that need to be deleted, after that run the textfile only with names that need to be deleted.
ofcourse back-up first.
net stop csauth
CSUtil.exe -u
cook users.txt
CSUtil.exe -i users.txt
DELETE:John
Cheers
01-25-2006 01:45 AM
Did you try consistency checks?
Database issues
Same user appears in multiple groups or duplicate users exist in the CiscoSecure ACS database. Unable to delete user from database.
Clean up the database typing the following command from the command line:
csutil -q -d -n -l dump.txt
01-23-2006 01:16 PM
Hi
ACS v4.0 has an option for purging externally authenticated users, but on 3.2 the only way is to use an import file with csutil using the DELETE option.
01-24-2006 06:27 AM
I would export all users to a text file. Then Isolate those users, for example in excel, that need to be deleted, after that run the textfile only with names that need to be deleted.
ofcourse back-up first.
net stop csauth
CSUtil.exe -u
cook users.txt
CSUtil.exe -i users.txt
DELETE:John
Cheers
01-24-2006 08:18 AM
I'd like to thank you both for your assistance. The solution you suggested solved my problem.
I have one more question, however. I have 5 users that I am unable to delete (via the script or GUI). The script says that they are already gone, and the GUI does not provide the 'delete' button on the user configuration screen. I suspect their entries have become corrupted somehow. No matter what I try their entries persist. Any ideas on how to force them out of ACS?
Brian
01-25-2006 01:45 AM
Did you try consistency checks?
Database issues
Same user appears in multiple groups or duplicate users exist in the CiscoSecure ACS database. Unable to delete user from database.
Clean up the database typing the following command from the command line:
csutil -q -d -n -l dump.txt
01-25-2006 07:46 AM
Thanks again. After reloading the database I was able to delete the affected users. Your help is greatly appreciated.
Brian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide