Can i completely remove all users except admin user?

Hi there! Actually, i have two questions!

Due to some problems with my “disabled users” (already posted on forum and github Can't reach "Disabled person" page - #5 by GillezDeleuze) I have two questions,
The first one: is there a way to comepletely remove all users (they integred by LDAP (windows AD) and custom also) from NC except basic admin user? so my Database and all the directories will be absolutely clear, as if I install NC from scratch.
My second question is about AD\LDAP Users. So, I didnt find any docs about this possible situation: if i delete someone from AD on LDAP server, so this person will be unavailble to login into NC, but i do not understand what wll happen with files of this person.
Thank u in advance! And i’m really sorry if i decided wrong forum category.

there is no operation to delete “every user and keep only the admin” but you can delete multiple users using the occ user: commands.

all settings and files of the user will remain in the server until you delete the user somehow… this allows you to transfer the files to another user and avoid data loss… this procedure should be part of you user management - remove the user from all systems where accounts created using sso backend like LDAP or OIDC

1 Like

I hope this message finds you well. I wanted to share with you a script I’ve developed for efficient management of deleted accounts in our cloud environment. Below is the script:

# Log file path

# Function to log a message
log_message() {
    local message=$1
    echo "$message" >> "$LOG_FILE"

# Redirect stdout and stderr to the log file
exec > >(tee -a "$LOG_FILE") 2>&1

# Log script start
log_message "-------------------------- BEGIN --------------------------"
log_message "$(date '+%Y-%m-%d %H:%M:%S')"
# Nextcloud installation path

# LDAP configuration

check_user_ldap() {
    local username=$1

    # Use ldapsearch to check the user in LDAP
    log_message "Checking LDAP for user $username"
    if ldapsearch -x -H "$LDAP_HOST:$LDAP_PORT" -D "$LDAP_BIND_USER" -w "$LDAP_BIND_PASSWORD" -b "$LDAP_BASE" "(sAMAccountName=$username)" | grep -q "sAMAccountName:"; then
       log_message "User $username found in LDAP."
        return 0  # Success, user found
        log_message "User $username not found in LDAP or deleted."
        SENDMAIL+="User $username not found in LDAP\n"
        return 1  # Failure, user not found

# Loop through users
compare_users() {
    local USER_LIST=("$@")

for TARGET_USER in "${USER_LIST[@]}"; do
    log_message "$TARGET_USER"

    # Skip the 'admin' user
    if [ "$TARGET_USER" == "admin" ] || [ "$TARGET_USER" == "###" ] || [ "$TARGET_USER" == "###" ] || [ "$TARGET_USER" ==  "###" ] || [ "$TARGET_USER" == "files_external" ] || [ "$TARGET_USER" == "__groupfolders" ] || [ "$TARGET_USER" == "standard-user" ] || [ "$TARGET_USER" == "updater-oce32ngxkpk9" ]; then
    # Check the user in LDAP
    if check_user_ldap "$TARGET_USER"; then
        #log_message "User $TARGET_USER found in LDAP."

        # Check LDAP status
        ldap_status=$(ldapsearch -x -H "$LDAP_HOST:$LDAP_PORT" -D "$LDAP_BIND_USER" -w "$LDAP_BIND_PASSWORD" -b "$LDAP_BASE" "(sAMAccountName=$TARGET_USER)" userAccountControl | grep -oP 'userAccountControl:\s*\K\d+')
        log_message "LDAP account control value is $ldap_status"

        # Disable or enable user in Nextcloud based on LDAP status
        if [ "$ldap_status" == 514 ]; then
            log_message "LDAP user is disabled, disabling in Nextcloud"
            $NEXTCLOUD_OCC_COMMAND user:disable --verbose --no-interaction "$TARGET_USER"
            log_message "User $TARGET_USER is disabled in Nextcloud."
        elif [ "$ldap_status" ==  66048 ] || [ "$ldap_status" == 512 ]; then
                if [ -d /home/nextcloud_data/data/"$TARGET_USER"/files ]; then
                        log_message "LDAP user is enabled, enabling in Nextcloud"
                        $NEXTCLOUD_OCC_COMMAND user:enable --verbose --no-interaction "$TARGET_USER"
                        log_message "User $TARGET_USER is enabled in Nextcloud."
                        log_message "Directory of "$TARGET_USER" doesnt exist somehow.It's better to manually create it: mkdir /home/nextcloud_data/data/$TARGET_USER/files and chown it to www-data"
                        SENDMAIL+="Directory of "$TARGET_USER" doesnt exist somehow.It's better to manually create it: mkdir /home/nextcloud_data/data/$TARGET_USER/files and chown it to www-data\n"

                log_message "Return value of user "$TARGET_USER" status: "$ldap_status" "
                SENDMAIL+= "Return value of user "$TARGET_USER" status: "$ldap_status"\n"
        log_message "User $TARGET_USER not found in LDAP or deleted."
        SENDMAIL+="User $TARGET_USER not found in LDAP or deleted.\n"

        # Implement logic for blocking in Nextcloud and moving files to the trash.
        if [ -d /home/nextcloud_data/data/"$TARGET_USER" ]; then
            log_message "Content of user "$TARGET_USER" folder"
            SENDMAIL+="Content of user "$TARGET_USER" folder: \n"
                for file in "${files[@]}"; do
                        log_message "$file"
            log_message "Moving user $TARGET_USER files to admin's trashbin directory"
            SENDMAIL+="Moving user $TARGET_USER files to admin's trashbin directory.\n"
            $NEXTCLOUD_OCC_COMMAND files:copy --verbose --no-interaction "$TARGET_USER/files" "admin/files_trashbin/files/$TARGET_USER/" || (log_message "Error copying files: $?"; SENDMAIL+="Error copying files: $?\n")
            log_message "waiting"
            sleep 2
            #$NEXTCLOUD_OCC_COMMAND files:delete --force "$TARGET_USER/files/" || (log_message "Error deleting files: $?"; SENDMAIL+="Error deleting files: $?\n")
            rm -rf /home/nextcloud_data/data/"$TARGET_USER" || log_message "Error deleting files: $?" SENDMAIL+="Error deleting files: $?\n"
            log_message "User $TARGET_USER files moved to admin's directory and original path /nextcloud_data/data/"$TARGET_USER" deleted"
            log_message "Running files:scan --all"
            $NEXTCLOUD_OCC_COMMAND files:scan --all --verbose --no-interaction
            log_message "Running maintenance:repair"
            $NEXTCLOUD_OCC_COMMAND maintenance:repair --verbose --no-interaction
            log_message "Running files:repair-tree"
            $NEXTCLOUD_OCC_COMMAND files:repair-tree --verbose --no-interaction
            $NEXTCLOUD_OCC_COMMAND maintenance:mode --off --verbose --no-interaction
            log_message "Directory of user $username was not found"
            SENDMAIL+="Directory of user $username was not found\n"

$NEXTCLOUD_OCC_COMMAND maintenance:repair --verbose --no-interaction
#sleep 60
$NEXTCLOUD_OCC_COMMAND user:sync-account-data --verbose --no-interaction
#sleep 60
# Get user list from Nextcloud
USER_LIST=($($NEXTCLOUD_OCC_COMMAND user:list --verbose --no-interaction --limit=1000 | awk -F':' '{print $1}' | tr -d ' ' | sed 's/^-//'))
#compare_users "${USER_LIST[@]}"
for folder in /home/nextcloud_data/data/*/; do
        if [[ !  "${USER_LIST[@]} "  =~ ("$(basename "$folder")") ]]; then
                USER_LIST+=("$(basename "$folder")")
                log_message "This user "$(basename "$folder")" was not in list of users, but his nextcloud folder exists"
                log_message "This user "$(basename "$folder")" is already in list of users"
compare_users "${USER_LIST[@]}"
# Log script end
log_message "-------------------------- END ----------------------------"
if [ -n "$SENDMAIL" ]; then
        echo "$(date '+%Y-%m-%d %H:%M:%S')";
        echo "-------------------------- BEGIN --------------------------";
        echo -e "$SENDMAIL";
        echo "-------------------------- END ----------------------------";
}  | mail -a "From:" -s "Nextcloud_adchecker_error"
log_message -e "Content of log mail: "$SENDMAIL" "

This script is designed to streamline the process of managing user accounts within Nextcloud, ensuring that deleted accounts are properly handled and files are managed according to our organization’s policies.

Please feel free to review and utilize this script as needed. Should you have any questions or require further assistance, don’t hesitate to reach out.

Best regards