How To: Programmatically perform an Undo Deprovision operation via a PowerShell script (4336955)

Is it possible to perform an Undo Deprovision in bulk?

Yes, it is possible to programmatically Undo Deprovision users in bulk using a PowerShell script.

Although there is not a specific cmdlet which can be leveraged for this, there is a triggering attribute which can be updated.

Setting edsvaUnDeprovision to a value of 1 will trigger the an Undo Deprovision operation.

The script below has not been put through quality assurance and is provided as-is and without warranty. Do NOT place this script into a production system without thoroughly testing in a lab which matches your live environment. Do not attempt to use this script if you are unfamiliar with scripting. It may or may not work with future versions of Active Roles. Test all customizations against any proposed Active Roles upgrade.

SOLUTION 1: Use a script to perform an Undo Deprovision operation on Users in a specific Organizational Unit (OU)

This solution is fairly easy to implement and simply looks processes all Users in the desired OU to perform Undo Deprovisioning of objects.

1. In the Active Roles Management Shell, run the following:

Edit the areas in the script which are highlighted in bold. 

SOLUTION 2: Read a CSV file which contains a list of users to perform an Undo Deprovision against

1. In the Active Roles Management Shell, run the following:

Connect-QADService -proxy
Import-CSV "User.csv" | % { Set-QADUser $_.samAccountName -ObjectAttributes @{edsvaUnDeprovision=1}}

The input file is a CSV file with a samAccountName column, containing all desired Users.