I received a comment on a post I did some time ago where the visitor asked for how to remove a User and Device relationship with PowerShell, instead of creating one. I thought that I’d put together a quick script to handle such scenarios, and here it is.


    Remove an User and Device relationship in ConfigMgr 2012
    This script will remove a relationship between an user and a device in ConfigMgr 2012. It supports an array of device names to be specified. 
.PARAMETER SiteServer    
    Site server name with SMS Provider installed
.PARAMETER DeviceName    
    Specify the device names that has a user machine relationship to be removed
    .\Remove-PrimaryUserDeviceRelationship.ps1 -SiteServer CM01 -DeviceName CL01    
    Removes a relationship between a device called 'CL01' and the primary user on a Primary Site server called 'CM01':
    Script name: Remove-PrimaryUserDeviceRelationship.ps1    
    Author:      Nickolaj Andersen    
    Contact:     @NickolajA    
    DateCreated: 2015-04-20
    [parameter(Mandatory=$true, HelpMessage="Site server where the SMS Provider is installed")]
    [ValidateScript({Test-Connection -ComputerName $_ -Count 1 -Quiet})]
    [parameter(Mandatory=$true, HelpMessage="Specify a Device names that has a user machine relationship that will be removed")]
Begin {
    # Determine SiteCode from WMI
    try {
        Write-Verbose "Determining SiteCode for Site Server: '$($SiteServer)'"
        $SiteCodeObjects = Get-WmiObject -Namespace "root\SMS" -Class SMS_ProviderLocation -ComputerName $SiteServer -ErrorAction Stop
        foreach ($SiteCodeObject in $SiteCodeObjects) {
            if ($SiteCodeObject.ProviderForLocalSite -eq $true) {
                $SiteCode = $SiteCodeObject.SiteCode
                Write-Debug "SiteCode: $($SiteCode)"
    catch [System.UnauthorizedAccessException] {
        Write-Warning -Message "Access denied" ; break
    catch [Exception] {
        Write-Warning -Message "Unable to determine SiteCode" ; break
Process {
    try {
        foreach ($Device in $DeviceName) {
            $UserMachineRelations = Get-WmiObject -Namespace "root\SMS\site_$($SiteCode)" -Class SMS_UserMachineRelationship -ComputerName $SiteServer -Filter "ResourceName like '$($Device)'"
            if ($UserMachineRelations -ne $null) {
                if ($PSCmdlet.ShouldProcess($UserMachineRelations.__PATH, "Remove")) {
                    Remove-WmiObject -InputObject $UserMachineRelations
    catch [System.UnauthorizedAccessException] {
        Write-Warning -Message "Access denied"
    catch [Exception] {
        Write-Error -Message "An error occured while trying to remove a WMI instance"

Using the script

The script supports multiple device names to be specified in order to be more efficient when running the script.

1. Save the script above as Remove-PrimaryUserDeviceRelationship.ps1 to e.g. C:\Scripts.
2. Open an elevated PowerShell console and browse to C:\Scripts.
3. Run the following command:

.\Remove-PrimaryUserDeviceRelationship.ps1 -SiteServer CAS01 -DeviceName WS01 -Verbose


The relationship between the Primary User for Device WS01 has now been removed, I hope this helps!


Nickolaj Andersen

Principal Consultant and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Currently working for TrueSec as a Principal Consultant. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences and user groups.

  • David
    Posted at 14:30 December 10, 2015

    I’m attempting to run the script using multiple machine names yet it fails after the first machine.

    Any way to have the script remove multiple machines?


  • Leave a Reply to David
    Cancel Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.