Running the code below works fine in development mode, but it does not work on
the remote IIS 6 server. I tried impersonation and anonymous access, and giving DCOM
permission to IUSR and ASPNET (local or network). There is a GPO in effect;
I'm not sure what that could have to do with it. There is also ISA 2004 on
the network. I'm at a loss.
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
originally posted in MICROSOFT.PUBLIC.WINDOWS.POWERSHELL
cc:microsoft.public.vsnet.debugging,microsoft.public.dotnet.framework.aspnet.security,microsoft.public.dotnet.framework.interop,microsoft.public.dotnet.framework.wmi,microsoft.public.dotnet.security,microsoft.public.dotnet.scripting,microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security,microsoft.public.security,microsoft.public.windows.activedirectory.dsml,microsoft.public.windows.file_system,microsoft.public.windows.server.active_directory
"fixitchris" wrote:
> This ASP.NET page can remove a user from a group in AD.
>
>
>
> Create SDK folder on your C drive...
>
> run this in PS
> [appdomain]::currentdomain.getassemblies() | where {($_.fullname -match
> "system.management") -OR ($_.fullname –match "Microsoft")} |copy-item -path
> {$_.location} -destination c:\sdk\ -verbose
>
> Add References
> SYSTEM.MANAGEMENT
> SYSTEM.MANAGEMENT.AUTOMATION
>
>
>
> Here is the Default.ASPX page. (Replace the OUs with your own!)
>
> <%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb"
> Inherits="_Default" %>
>
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>
> <html xmlns="http://www.w3.org/1999/xhtml" >
> <head id="Head1" runat="server">
> <title>PowerAsp Demo Page</title>
> </head>
> <body>
> <form id="form1" runat="server">
> <div>
> <h3>PowerShell ASP ADSI</h3>
> <p>
> <asp:Label ID="DateLabel" runat="server" Text="UserName"></asp:Label>
> <asp:TextBox ID="txtUserName" runat="server" Height="16px" Rows="3"
> Width="144px">Chris M</asp:TextBox>
> </p>
> <p>
> <asp:Label ID="Label1" runat="server" Text="LDAP User
> OU"></asp:Label><asp:TextBox
> ID="txtUserOU" runat="server" Height="16px" Rows="3"
> Width="472px">LDAP://OU=mis,OU=employee
> accounts,DC=city,DC=company,DC=com</asp:TextBox> </p>
> <p>
> <asp:Label ID="Label2" runat="server" Text="LDAP Group
> OU"></asp:Label><asp:TextBox
> ID="txtGroupOU" runat="server" Height="16px" Rows="3"
> Width="464px">LDAP://OU=security groups,DC=city,DC=company,DC=com
> </asp:TextBox> </p>
> <p>
> <asp:Button ID="btnGetGroups" OnClick="RunScript" runat="server"
> Text="Get Groups" Visible="true" />
>
>
>
>
>
>
> <asp:Button ID="btnRemoveFromGroup" OnClick="RunScript"
> runat="server" Text="Remove From Selected Group" Visible="true"
> Enabled="False" />
> </p>
> <p>
> <asp:ListBox ID="ResultListBox" Width="880px" runat="server" Rows="12"
> AutoPostBack="True"></asp:ListBox> </p>
> <p>
> <asp:Label ID="Label3" runat="server" Text="Get Groups
> SCRIPT"></asp:Label> </p>
> <asp:TextBox ID="txtScriptGG" runat="server" Height="136px"
> TextMode="MultiLine" Width="880px">
>
> [System.Reflection.Assembly]::LoadWithPartialName("system.directoryservices")
> $root = [adsi]"$($sessionproxy.UserOU.text)";
> $searcher = new-object
> system.directoryservices.directorysearcher;
> $user = New-Object system.directoryservices.directoryentry;
> $searcher.SearchRoot = $root;
> $result = $searcher.Findall() | Where-Object {
> $_.properties.item("cn") -eq "$($sessionproxy.UserName.text)" }
> $user = $result.GetDirectoryEntry()
> $user.memberof |%{$SessionProxy.ResultListBox.Items.Add($_)}
> </asp:TextBox>
> <br />
> <br />
> <asp:Label ID="Label4" runat="server" Text="Remove User From
> Selected Group SCRIPT"></asp:Label><br />
> <br />
> <asp:TextBox
> ID="txtScriptREM" runat="server" Height="136px"
> TextMode="MultiLine"
> Width="880px">
> $searcher_G = new-object
> system.directoryservices.directorysearcher;
> $grp_G = New-Object
> system.directoryservices.directoryentry;
> $root_G = [adsi]"$($sessionproxy.GroupOU.text)";
> $searcher_G.SearchRoot = $root_G;
> $result_G = $searcher_G.FindAll() | Where-Object {
> $_.properties.item("distinguishedName") -eq
> "$($sessionproxy.ResultListBox.SelectedItem.text)" }
> $grp_g = $result_g.GetDirectoryEntry()
>
>
> $grp_g.psbase.Invoke("Remove",$user.psbase.path.tostring());
> $grp_g.psbase.CommitChanges();
> </asp:TextBox><br />
> <p>
> </p>
> <script runat="server" language="VB">
> ' Click handler shared by btnGetGroups and btnRemoveFromGroup: runs one of the
> ' two PowerShell scripts held in the page's text boxes inside a runspace that
> ' is kept in the ASP.NET session.
> '   s - the control that raised the event; only its id is read, late-bound
> '   e - event arguments, unused
> Sub RunScript(ByVal s As Object, ByVal e As EventArgs)
>
> ' Start every run with an empty result list; the Get Groups script adds to it.
> Me.ResultListBox.Items.Clear()
> ' First request of a session: create and open a runspace, then publish a
> ' synchronized Hashtable to PowerShell as $SessionProxy. Both objects are
> ' stored in Session so that later postbacks take the Else branch and reuse them.
> ' NOTE(review): nothing in the code shown closes or disposes the runspace.
> If Me.Session("runspace") Is Nothing Then
> MyRunspace =
> System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace()
> MyRunspace.Open()
> Me.Session.Add("runspace", MyRunspace)
> Me.sessionproxy =
> System.Collections.Hashtable.Synchronized(New Hashtable())
> MyRunspace.SessionStateProxy.SetVariable("SessionProxy",
> Me.sessionproxy)
> Me.Session.Add("SessionProxy", sessionproxy)
> Else
> sessionproxy = Me.Session("SessionProxy")
> MyRunspace = Me.Session("runspace")
> End If
> ' The controls themselves (not their text) go into the table; the scripts read
> ' them as $sessionproxy.UserOU.text and add rows to $SessionProxy.ResultListBox.
> ' The entries are refreshed on every call with this request's control instances.
> sessionproxy("GetGroupsScript") = Me.txtScriptGG
> sessionproxy("RemoveUserScript") = Me.txtScriptREM
> sessionproxy("UserName") = Me.txtUserName
> sessionproxy("UserOU") = Me.txtUserOU
> sessionproxy("GroupOU") = Me.txtGroupOU
> sessionproxy("ResultListBox") = ResultListBox
> myinvoke = New
> System.Management.Automation.RunspaceInvoke(MyRunspace)
> ' NOTE(review): the text handed to Invoke is the current value of a form
> ' TextBox, i.e. whatever the request posted back, not necessarily the script
> ' that ships in the markup. Anyone who can reach this page therefore decides
> ' which PowerShell runs on the server, and the rights of the account the site
> ' runs as are the only limit on it. For anything beyond a local demo, keep the
> ' scripts server-side, pass in only validated values, and restrict the page to
> ' authenticated administrators.
> If s.id = "btnGetGroups" Then
> myinvoke.Invoke(txtScriptGG.Text)
> ElseIf s.id = "btnRemoveFromGroup" Then
> 'MsgBox(Me.ResultListBox.SelectedItem.Text)
> myinvoke.Invoke(txtScriptREM.Text)
> End If
> End Sub
>
> </script>
> </div>
> </form>
> </body>
> </html>
>
>
>
>
>
> and this is the new ASPX.VB file:
>
>
>
>
>
> Imports System.Management
> Imports System.Management.automation
> Imports System.Management.Automation.Runspaces.RunspaceFactory
>
> ' Code-behind half of the page. It declares the fields that RunScript (in the
> ' script block of the .aspx file) assigns and reads, and enables the remove
> ' button once a group has been selected.
> Partial Class _Default
> Inherits System.Web.UI.Page
> ' PowerShell runspace; RunScript keeps it in Session("runspace") between postbacks.
> Public MyRunspace As Runspaces.Runspace
> ' Table exposed to the scripts as $SessionProxy; RunScript fills it with the page's controls.
> Public sessionproxy As Hashtable
> ' Invoker that RunScript creates over MyRunspace to run the script text.
> Public myinvoke As Automation.RunspaceInvoke
>
> ' ResultListBox is declared with AutoPostBack="True", so picking a group posts
> ' back and lands here; the button starts out with Enabled="False" in the markup.
> Protected Sub ResultListBox_SelectedIndexChanged(ByVal sender As Object,
> ByVal e As System.EventArgs) Handles ResultListBox.SelectedIndexChanged
> btnRemoveFromGroup.Enabled = True
> End Sub
> End Class
>
>
>
>
> ENJOY!