Orchestrator Runbook: Delete Machines from SCCM

This article will detail an Orchestrator Runbook that has the ability to delete devices from SCCM based on computer name or MAC address. This script works with SCCM 2012 – it has not been tested on SCCM 2007. The primary reason for this runbook is to be able to delete devices from a web browser using the Orchestration Web Console. The runbook will take computer name and MAC address inputs and execute. There is also error checking along the way. The user will be able to feed multiple computer names, MAC addresses, or both to the runbook.

Here is what the runbook will look like:


Initialize Data

The first step, Initialize Data, is under the Runbook Control activities. Drag it into your runbook and open it. Create two parameters. I named mine “Computer Name(s)” and “MAC Address(es)”. Also, decide what character you want to use as a separator. I chose a semicolon.


Split/Validate Entries

Next, drag a “Run .NET Script” activity into your runbook. Name it “Split/Validate Entries” and change the language to PowerShell. As the title says, this activity will validate the entries by checking SCCM for corresponding names or MAC addresses and split the values into an array. Paste this code into the “Script” box:

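# Working arrays
$uf_wmi_names = @()
$f_wmi_names = @()
$wmi_macs = @()
$res_ids = @()
$not_valid = @()

# Pull every device record from the site server (replace <SiteServer> and <SiteCode>)
$wmi = Get-WmiObject -ComputerName "<SiteServer>" -Namespace "root\sms\site_<SiteCode>" -Class SMS_R_System

# Collect the device names as plain strings
$uf_wmi_names = $wmi | Select-Object Name
ForEach ($name in $uf_wmi_names) {
    # Read the Name property directly so each name is kept exactly as SCCM stores it
    $f_wmi_names += $name.Name
}

# Read the MAC addresses through a second PowerShell session so they come back as strings
$wmi_macs = PowerShell {
    $wmi = Get-WmiObject -ComputerName "<SiteServer>" -Namespace "root\sms\site_<SiteCode>" -Class SMS_R_System
    $wmi.MACAddresses
}

# Computer names entered in Initialize Data (Published Data subscription)
$uf_names = "{Computer Name from "Initialize Data"}"
$split_names = $uf_names -split ";"

ForEach ($split_name in $split_names) {
    If ($f_wmi_names -contains $split_name) {
        # Collect the ResourceID of every matching record (there may be more than one)
        $res_ids += @($wmi | Where-Object -FilterScript {$_.Name -eq "$split_name"} | ForEach-Object { $_.ResourceID })
    }
    Else { $not_valid += $split_name }
}

# MAC addresses entered in Initialize Data (Published Data subscription)
$uf_mac_addr = "{MAC Address from "Initialize Data"}"
$split_mac_addrs = $uf_mac_addr -split ";"

ForEach ($split_mac_addr in $split_mac_addrs) {
    If ($wmi_macs -contains $split_mac_addr) {
        $res_ids += @($wmi | Where-Object -FilterScript {$_.MACAddresses -like "*$split_mac_addr*"} | ForEach-Object { $_.ResourceID })
    }
    Else { $not_valid += $split_mac_addr }
}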

Be sure to replace the placeholders for site server name and site code. Also, be sure to change the blue text to your actual Published Data from the previous step. Most of this script is self-explanatory. I define the arrays I’m using, pull all computer information into a variable and compare it to what was entered in Initialize Data.

The only thing that is not so evident is the line that begins “$wmi_macs = PowerShell {“. These lines launch another PowerShell session, pull the MAC addresses, and read them into the $wmi_macs variable. I had to do this because the data stored in the MACAddresses property of my WMI query is not in a string format. We are limited in our string conversion methods in PowerShell v2. Launching another session allows us to just read everything into a variable. Having to do this slows the script down because it has to run the big WMI query again, but it’s the easiest way to get our information.
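
Because this runbook deletes device records based on free text typed into the web console, it helps to normalize and reject malformed entries before anything is compared against SCCM. The following is an added example, not part of the original runbook: the function name Split-RunbookInput, the computer-name pattern, and the colon-separated MAC output format are assumptions to adjust for your environment.

```powershell
# Added example: strict parsing of the two free-text runbook inputs.
# Split-RunbookInput, the name pattern and the MAC output format are assumptions.
function Split-RunbookInput {
    param([string]$Names, [string]$Macs, [string]$Separator = ';')

    $sep = [regex]::Escape($Separator)
    $out = @{ Names = @(); Macs = @(); Rejected = @() }

    foreach ($entry in ($Names -split $sep)) {
        $n = $entry.Trim()
        if ($n -eq '') { continue }    # blank field or trailing separator
        # Assumed naming policy: 1-15 letters, digits or hyphens (no wildcards, no spaces)
        if ($n -match '^[A-Za-z0-9-]{1,15}$') { $out.Names += $n.ToUpper() }
        else { $out.Rejected += $n }
    }

    foreach ($entry in ($Macs -split $sep)) {
        $m = $entry.Trim()
        if ($m -eq '') { continue }
        # Accept AA:BB:CC:DD:EE:FF, AA-BB-CC-DD-EE-FF or AABBCCDDEEFF
        if ($m -match '^([0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}$') {
            $hex = ($m -replace '[:-]', '').ToUpper()
            # Re-emit as colon-separated pairs (assumed SCCM storage format)
            $out.Macs += (($hex -split '(..)' | Where-Object { $_ }) -join ':')
        }
        else { $out.Rejected += $m }
    }

    # One deletion per device, even if the operator pasted an entry twice
    $out.Names = @($out.Names | Select-Object -Unique)
    $out.Macs  = @($out.Macs  | Select-Object -Unique)
    return $out
}

# Constructed sample input, as an operator might paste it into the web console
$parsed = Split-RunbookInput -Names 'pc-001; PC-001;;lab*;srv 02' -Macs '00-15-5d-01-02-03;0015.5D01;*'
"Names    : $($parsed.Names -join ', ')"
"MACs     : $($parsed.Macs -join ', ')"
"Rejected : $($parsed.Rejected -join ', ')"
```

Entries that land in Rejected can be reported through the same "Invalid Entry" path as names and MAC addresses that are not found in SCCM, so blank fields and wildcard characters never reach the -contains and -like comparisons.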

We need to publish two variables to the next step. To do this, go to the “Published Data” node and give it this information:


Delete Computer Object

Next, drag another Run .NET Script activity into your runbook, name it Delete Computer Object and change the language to PowerShell. Paste this code into the script box:

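# Look up the computer name for this ResourceID so the next activity can report it
$name = (Get-WmiObject -ComputerName "<SiteServer>" -Namespace "root\sms\site_<SiteCode>" -Class SMS_R_System | Where-Object -FilterScript {$_.ResourceID -eq "{ResourceIDs from "Split/Validate Entries"}"}).Name

# Bind to the device record by ResourceID and delete it
$comp = [wmi]"\\<SiteServer>\root\sms\site_<SiteCode>:SMS_R_System.ResourceID={ResourceIDs from "Split/Validate Entries"}"
$comp.Delete()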

Again, be sure to replace the placeholders with your actual site server and site code and replace the blue text with the real Published Data.

The first line of this gets the computer name for us to use in the next step. The second and third lines delete the object.

Platform Events

Next, we will go over the three Platform Event activities. These are “Invalid Entry”, “Delete Failure”, and “Delete Success”. You can find Platform Events under the Notification activity node. These events will show a message under the “Events” node of the web console, as illustrated here:


Here is what the setup for this event looks like (Invalid Entry):


You can make these events say whatever you want for your environment. It’s important to also change the link between the Run .NET Script activities and these platform events. Basically, set the link condition so that it is followed when the Invalid Entry Published Data does not equal blank.


For Delete Computer Objects, just change it to failed:


Error Runbook

These two Run .NET Script activities have one line:

Write-Host "error"

This line will force the runbook to end in a “Warning” state, which will show as a warning icon instead of a success icon on the web console. This is an indicator to your users that they need to check the “Events” node to see why the runbook failed to delete the computer object.

A runbook export of this will be available under the “Scripts” section of our website.


