HOW TO

Remove deleted Active Directory users in Portal for ArcGIS using Python

Last Published: June 18, 2022

Summary

When using Integrated Windows Authentication (IWA) in ArcGIS Enterprise, there is no option to delete the IWA Portal for ArcGIS members who no longer exist in Active Directory. They can be deleted manually, but this can be a time-consuming process depending on the number of members in Portal for ArcGIS.

Procedure

The following steps automatically delete all Portal for ArcGIS members that have been deleted from Active Directory:

  1. Contact your IT department to export all current Active Directory users to a CSV file.
  2. Run the following Python script:
```python
# import libraries and modules
import csv
from arcgis.gis import GIS

# assign variables
username = "<administrator username>"
password = "<administrator password>"
initial_admin_username = "<initial administrator username>"
portal_url = "<https://server.domain.com/webadaptor/home>"
file = r"<path to csv file>.csv"

# note: verify_cert=False disables TLS certificate validation for the portal connection
gis = GIS(portal_url, username, password, verify_cert=False)
users = gis.users.search(max_users=99999)

# specify the index of the column that has the users' emails in the CSV file
# note: the first column's index is 0
column_index = 0  # <index>: replace with the index of the email column

# assign lists
iwa_emails = []
users_deleted = []
users_not_deleted = []

# read csv file; emails are trimmed and lower-cased so that case differences
# between the CSV and the portal do not cause a current user to be deleted
with open(file, 'r', newline='') as csvfile:
    datareader = csv.reader(csvfile)
    for row in datareader:
        if len(row) > column_index:
            iwa_emails.append(row[column_index].strip().lower())

# identify the members that are not listed in the CSV file and are not the initial administrator
# you can also add the other built-in members that you don't want to delete here
for user in users:
    email = (user.email or "").strip().lower()
    if email not in iwa_emails and user.username != initial_admin_username:
        users_deleted.append(f"{user.username}")

        # delete them and reassign the content they own to the initial Portal for ArcGIS administrator or to any member you want
        # you can comment the try-except statement to make sure you want to delete all the users first and then run the script without the comments
        try:
            user.delete(reassign_to=initial_admin_username)
        except Exception as ex:
            print(ex)
    else:
        # identify the members that are listed in the csv file
        users_not_deleted.append(f"{user.username}")

# print the members that were deleted and the members that were not
print(f"Users that were deleted are: {users_deleted}")
print(f"Users that were not deleted are: {users_not_deleted}")
```
Note:
This script should be executed with the help of a support analyst.
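
The script's comments suggest reviewing the list of members before deleting anything. The following added example (not part of the original article or of Esri's code) builds that review list offline, with no portal connection, and refuses to produce a plan when the CSV looks wrong. The `Member` record, the function names and the `max_fraction` threshold are assumptions made for illustration.

```python
import csv
import io
from collections import namedtuple

# Hypothetical stand-in for a portal member record (not an arcgis class).
Member = namedtuple("Member", "username email")

def norm(email):
    """Normalise an address for comparison: trim and lower-case; None becomes ''."""
    return (email or "").strip().lower()

def load_directory_emails(csv_text, column_index, has_header=True):
    """Return the set of normalised, non-empty emails in one column of the AD export."""
    rows = list(csv.reader(io.StringIO(csv_text)))[1 if has_header else 0:]
    cells = (norm(r[column_index]) for r in rows if len(r) > column_index)
    return {c for c in cells if c}

def plan_deletions(members, directory_emails, protected, max_fraction=0.25):
    """Dry run: return (to_delete, to_keep) usernames; raise ValueError on a suspicious plan."""
    if not directory_emails:
        raise ValueError("directory export contains no email addresses")
    protected = {p.lower() for p in protected}
    to_delete, to_keep = [], []
    for m in members:
        if m.username.lower() in protected or norm(m.email) in directory_emails:
            to_keep.append(m.username)
        else:
            to_delete.append(m.username)
    # Assumed heuristic: a large cut points to a wrong column index or a truncated export.
    if len(to_delete) > max_fraction * len(members):
        raise ValueError(f"plan removes {len(to_delete)} of {len(members)} members; check the CSV")
    return to_delete, to_keep

# Constructed sample data (not from a real directory or portal).
SAMPLE_CSV = "name,mail\nAnn Lee, Ann.Lee@Example.com \nBo Ray,bo.ray@example.com\nCy Fox,cy.fox@example.com\n"
SAMPLE_MEMBERS = [
    Member("portaladmin", None),                        # built-in account without an email
    Member("alee@EXAMPLE", "ann.lee@example.com"),
    Member("bray@EXAMPLE", "Bo.Ray@example.com"),       # differs from the CSV only by case
    Member("cfox@EXAMPLE", "cy.fox@example.com"),
    Member("dgone@EXAMPLE", "dee.gone@example.com"),    # no longer in the directory export
]

if __name__ == "__main__":
    emails = load_directory_emails(SAMPLE_CSV, column_index=1)
    print(plan_deletions(SAMPLE_MEMBERS, emails, protected={"portaladmin"}))
```

With the sample data, pointing `column_index` at the name column instead of the email column raises `ValueError` rather than returning a plan that removes every non-protected member.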

Article ID: 000027262
