cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

937
Views
5
Helpful
5
Replies
bacland
Beginner

Is there a way to bulk delete users in ACS 3.2

I have ACS doing pass-thru authentication to an external database, and we have recently changed our user naming convention from first name + last initial to first initial + last name.

Is there a way to delete users that ACS has created dynamically, other than one by one? Can CSUtil.exe be used to accomplish this task, or is there some other command line procedure?

I don't want to delete ALL the users in the database, there are just a few that I want to remain, but not too many that I am opposed to recreating them if need be.

Any help is appreciated. Thanks in advance.

2 ACCEPTED SOLUTIONS

Accepted Solutions
martijn.jansen
Beginner

I would export all users to a text file. Then Isolate those users, for example in excel, that need to be deleted, after that run the textfile only with names that need to be deleted.

ofcourse back-up first.

net stop csauth

CSUtil.exe -u

cook users.txt

CSUtil.exe -i users.txt

DELETE:John

Cheers

View solution in original post

Did you try consistency checks?

Database issues

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/aa.htm#wp304876

Same user appears in multiple groups or duplicate users exist in the CiscoSecure ACS database. Unable to delete user from database.

Clean up the database typing the following command from the command line:

csutil -q -d -n -l dump.txt

View solution in original post

5 REPLIES 5
darpotter
Contributor

Hi

ACS v4.0 has an option for purging externally authenticated users, but on 3.2 the only way is to use an import file with csutil using the DELETE option.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a48.html#wp531498

martijn.jansen
Beginner

I would export all users to a text file. Then Isolate those users, for example in excel, that need to be deleted, after that run the textfile only with names that need to be deleted.

ofcourse back-up first.

net stop csauth

CSUtil.exe -u

cook users.txt

CSUtil.exe -i users.txt

DELETE:John

Cheers

I'd like to thank you both for your assistance. The solution you suggested solved my problem.

I have one more question, however. I have 5 users that I am unable to delete (via the script or GUI). The script says that they are already gone, and the GUI does not provide the 'delete' button on the user configuration screen. I suspect their entries have become corrupted somehow. No matter what I try their entries persist. Any ideas on how to force them out of ACS?

Brian

Did you try consistency checks?

Database issues

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/aa.htm#wp304876

Same user appears in multiple groups or duplicate users exist in the CiscoSecure ACS database. Unable to delete user from database.

Clean up the database typing the following command from the command line:

csutil -q -d -n -l dump.txt

Thanks again. After reloading the database I was able to delete the affected users. Your help is greatly appreciated.

Brian

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube