I recently had to write a script to delete notes users and found the documentation regarding the approval process of deletion requests lacking.
In my answer below you can find my code and some explanations regarding the process and some of it´s quirks.
If you can improve on my answer, feel free to do so.
So, first off here is a link to the Documentation regarding the deleteUser method of the NotesAdministrationProcess class which we will use to delete our user.
Looking at the docs this should be pretty straightforward, but the usage paragraph mentions it triggers other actions. Now if you don´t know sh*t about notes like me you would think those actions would be triggered immediately. Like DJT would say: WRONG! SAD!
The deleteUser method deletes users through an administration process (unless you set the immediate flag to true) which are executed in intervals. Those intervals are configured in the Domino Admin Client under
Configuration->Server->%SERVERDOC%>Server Tasks->Administration Process -> normal request interval
the default is 60 minutes.
The next thing to know is that some actions like the deletion of mailfiles will require approval (i´d assume this is configurable as well but that´s just a guess).
The NotesAdministrationProcess also has different .Approve* methods including ApproveMailFileDeletion which takes a noteID as parameter (Link to docs).
If you read the deleteUser doc carefully you will have noticed that the methods returns a noteID as well. If you try to use this ID with ApproveMailFileDeletion you will get the following Error:
Invalid Approval Request note.
As you would expect at this point, that´s the wrong ID. The deletion process has multiple steps which will all have their own ID and until now i have not found a way to get those steps with the ID returned by deleteUser.
So here is the code for the deletion:
#create session, this is documented pretty well
$user = "CN=Test User/O=NotesTest"
$server = "CN=WIN-SBPV9BSJEKJ/O=NotesTest"
$session = New-Object -ComObject Lotus.NotesSession
$session.initialize($sessionUserIdFilePassword)
$adminProcess = $session.CreateAdministrationProcess($server)
#delete user for parameters see docs
$noteID = $adminProcess.DeleteUser($user, $immediate, $mailfileAction, $denyGroup)
And here is how i got around to finding the relevant requests to approve (no error handling etc. for simplicity) (If you do all of this in one go add a sleep timer for the execution interval to pass):
#get all pending requests
$db = $session.GetDatabase($server,"admin4.nsf",$false)
$appView = $db.GetView("Pending Administrator Approval")
$doc = $appView.GetFirstDocument()
#loop through requests to find request pertaining to current user and action, then approve
while($doc -ne $null){
$requestTargetAccountDN = $doc.Items.Get(4).Text #4= ProxyNameList, contains DN of account
$requestTargetDbPath = $doc.Items.Get(20) #20= ProxyDatabasePath contains mailpath (mail/shortname)
if($requestTargetAccountDN -eq $user){
if($doc.ColumnValues.Get(5) -eq "Approve Mail File Deletion"){
$adminProcess.ApproveMailFileDeletion($doc.NoteID)
}
}
$doc = $appView.GetNextDocument($doc)
}
