Vista Forums - View Single Post - Script to remove list of users from groups...

permalink · 06-04-2008

All,

Complete noob.... Has found a script that will remove a user from all Active
Directory groups. Trouble is, it only removes a single user. I have csvde
output of a list of user DNs that I want to remove from all groups. If I save
this list of DNs as C:\DNs.txt How can I get the script to read the list and
remove from groups?

This is script I have (with my comments)
=====================begin================
On Error Resume Next

Const ADS_PROPERTY_DELETE = 4
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

'I guess I need to change something here:
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
arrMemberOf = objUser.GetEx("memberOf")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
WScript.Echo "This account is not a member of any security groups."
WScript.Quit
End If

' I guess I also need to change something in the next few lines also....?
For Each Group in arrMemberOf
Set objGroup = GetObject("LDAP://" & Group)
objGroup.PutEx ADS_PROPERTY_DELETE, _
"member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
Next
==================END====================

Many thanks for your help!

06-04-2008	#1 (permalink)
Ron n/a posts	Script to remove list of users from groups... All, Complete noob.... Has found a script that will remove a user from all Active Directory groups. Trouble is, it only removes a single user. I have csvde output of a list of user DNs that I want to remove from all groups. If I save this list of DNs as C:\DNs.txt How can I get the script to read the list and remove from groups? This is script I have (with my comments) =====================begin================ On Error Resume Next Const ADS_PROPERTY_DELETE = 4 Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D 'I guess I need to change something here: Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") arrMemberOf = objUser.GetEx("memberOf") If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then WScript.Echo "This account is not a member of any security groups." WScript.Quit End If ' I guess I also need to change something in the next few lines also....? For Each Group in arrMemberOf Set objGroup = GetObject("LDAP://" & Group) objGroup.PutEx ADS_PROPERTY_DELETE, _ "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objGroup.SetInfo Next ==================END==================== Many thanks for your help!
My System Specs