Automate User Cleanup: Remove Inactive Users Safely
Managing inactive user accounts is a common challenge in enterprise environments. Dormant accounts create security risks and clutter your user base. We've developed a simple bash script that automates this process safely and efficiently. This script helps organisations maintain clean user bases by automatically identifying and removing accounts that haven't been accessed for extended periods—all while maintaining strict safety controls and transparency.
Whether you're managing dozens or thousands of users, this automation eliminates the tedious manual work of tracking login histories, identifying inactive accounts, and coordinating removal processes. The script handles the heavy lifting while keeping you in full control with clear reporting and mandatory confirmation steps.
Why This Matters
- Security: Inactive accounts are potential vulnerabilities
- Compliance: Maintain clean user records for audits
- Efficiency: Automate what was previously manual work
How It Works
The script follows a simple 4-step process:
- Fetch all users from your API
- Identify users inactive beyond your threshold (e.g., 6 months)
- Display a detailed list for review
- Remove users only after explicit confirmation
Key Features
- Safe by Design - Requires explicit "yes" confirmation before deletion
- Transparent - Shows exactly who will be removed and why
- Secure - Multiple authentication methods with security warnings
- Cross-Platform - Works on macOS, Linux, and Windows (via WSL)
- Error Handling- Validates HTTP responses and provides clear error messages
Quick Start
Prerequisites
- Bash 4.0 or higher
- jq (JSON processor)
- curl (usually pre-installed)
- API Token with User Management permission
Basic Usage (Example)
Set your API token securely
export API_TOKEN="your-api-token"
Run the script (removes users inactive for 6+ months)
./cleanup_users.sh https://api.example.com/api 6
What You'll See
|
Fetching users...
====== SUMMARY ======
Found 3 users to be removed from tenant.
USERS TO BE REMOVED (Inactive for more than 6 months):
--------------------------------------------------------------
ID | Full Name | Last Login | Months Inactive
--------------------------------------------------------------
user123 | John Doe | 2025-09-15 10:30:00 | 7
user456 | Jane Smith | 2025-08-20 14:45:00 | 8
user789 | Bob Johnson | 2025-07-10 09:15:00 | 9
Do you want to proceed with removing these users? (yes/no)
|
Security Best Practices
The script implements multiple security layers:
- Environment Variables - Recommended method for API tokens
- Interactive Prompt - Fallback if token not provided
- Security Warnings - Alerts when tokens passed via command line
- Explicit Confirmation - No accidental deletions
Benefits
This script helps you:
- Clean up stale users instantly - What used to take hours of manual work now happens in minutes with a single command
- Improve security posture by eliminating dormant accounts that could be exploited
Important Notes
⚠️ This operation is irreversible - Always test first with a high threshold (e.g., 12 months)
⚠️ Review carefully - Check the user list before confirming
⚠️ Backup recommended - Consider exporting user data before cleanup
Troubleshooting
"jq is not installed" → Install jq for your platform
"HTTP 401/403 error" → Check API token and permissions
"HTTP 404 error" → Verify API URL and endpoints
"No users found" → Normal if all users are active
Get Started Today
This script evolved from a single-customer solution to a production-ready tool for the entire community. It's simple, secure, and effective.
Download the script from our repository and start automating your user cleanup process today.
Questions? Check the full documentation in the repository's README for detailed usage examples, troubleshooting tips, and advanced configurations.
⚠️ Always test in a non-production environment first. User deletion is permanent and cannot be undone.
#Administration
#Automation
#IBMInstana
#Administration