Deleting Users from Prism Central

Deleting users from Prism Central can become challenging at times. I recently came across a scenario in which trying to remove a user didn't work.

Removing a user via Prism Central CLI:

  1. Connect to the Prism Central cluster IP via SSH, and run: nuclei user.list
nutanix@PCVM:/tmp$ nuclei user.list
2021/02/02 17:24:16 Connected to 172.212.120.213:9876
2021/02/02 17:24:16 Authenticating connection 0x0
2021/02/02 17:24:16 nuclei is attempting to connect to Zookeeper
2021/02/02 17:24:16 Authenticated: id=0x176afba7f52e141, timeout=20000
"Total Entities : 36"
"Length : 20"
"Offset : 0"
"Entities :"
Name                                  UUID                                  State     
00053c4e-d332-20e7-2e00-246e9620c630  356569c0-74d6-5428-b705-74ba4fb58930  COMPLETE  
00053c50-a109-b9f1-0491-246e9620d740  20ba0942-4156-53e2-ac05-7c800f307a3f  COMPLETE  
00053d67-19c9-43a1-3105-246e961e09c8  3d2cb641-9f97-5dbb-b3c4-ece40cf59218  COMPLETE  
00053d6d-5be7-2e05-2888-246e961e09b0  de9f1db6-3fc3-5f7f-8631-04b8b3f9cdb4  COMPLETE  
admin                                 00000000-0000-0000-0000-000000000000  COMPLETE  
pr@myspace.com                     61041064-90e8-563e-8e6b-2037589f6e56  COMPLETE  

2. Execute the delete command: nuclei user.delete user_uuid

nutanix@PCVM:/tmp$ nuclei user.delete 61041064-90e8-563e-8e6b-2037589f6e56
2021/02/02 17:27:28 Connected to 172.22.10.12:9876
2021/02/02 17:27:28 Authenticating connection 0x0
2021/02/02 17:27:28 nuclei is attempting to connect to Zookeeper
2021/02/02 17:27:28 Authenticated: id=0x176afba7f52e155, timeout=20000
Confirm deletion of user? (yes/no) yes
"Deleted user with UUID:61041064-90e8-563e-8e6b-2037589f6e56"

Typically, the above process works without an issue, but occasionally you may run across problems that prevent you from deleting an account. When failure occurs, you'll receive an output like this:

api_version: '3.1'
metadata:
  categories: {}
  categories_mapping: {}
  kind: user
  spec_version: 0
  uuid: 77bc0866-7dcb-51f8-a7f2-eb9466ef9dcf
spec:
  resources:
    directory_service_user:
      directory_service_reference:
        kind: directory_service
        uuid: 82cf658f-4a5d-4fd4-afeb-dda80ce3c8bc
      user_principal_name: ag@myspace.com
status:
  execution_context:
    task_uuid:
    - 5eba2d84-0609-4855-a285-3ed12e787942
  message_list:
  - message: User cannot be deleted as there are resources associated with this user.
      Change the ownership on the associated entities and try again.
    reason: INTERNAL_ERROR
  name: ag@myspace.com
  resources:
    access_control_policy_reference_list: []
    directory_service_user:
      default_user_principal_name: ag@myspace.com
      directory_service_reference:
        kind: directory_service
        name: Myspace
        uuid: 82cf658f-4a5d-4fd4-afeb-dda80ce3c8bc
      user_principal_name: ag@myspace.com
    display_name: AdminAG
    projects_reference_list:
    - kind: project
      name: default
      uuid: 12ae2f4b-4f1b-4bef-869a-3b3513cd63ee
    resource_usage_summary:
      resource_domain:
        resources: []
    user_type: DIRECTORY_SERVICE
  state: ERROR 

To remove these accounts, we will need to download a script from Nutanix.

  1. Change directory to /tmp and download the script via wget.
nutanix@PCVM:~$ cd /tmp
nutanix@PCVM:/tmp$ wget http://download.nutanix.com/kbattachments/7127/user_delete_by_user_uuid.py

2. Edit the script to add the UUID of the user you intend to delete. Using VI, locate user_uuids = ["user"], press I, then update the user with the UUID of the user you intend to delete. Press Esc, then type :wq!

vi user_delete_by_user_uuid.py

3. Execute the script.

nutanix@PCVM:~$ python user_delete_by_user_uuid.py 

The script will remove the user and your user list will be up to date!