Delete Members of groups from a script gbrown135 6/1/2007 1:58:00 PM Is there any script around that will allow me to read a text file (or excel) and remove the names on the list from an Active Directory group. I have hundreds of user's to remove from a Group and don't fancy removing them 1 by 1. Any help appreciated. Gary

Re: Delete Members of groups from a script "Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> 6/1/2007 4:01:11 PM Gary wrote: [Quoted Text] > Is there any script around that will allow me to read a text file (or > excel) > and remove the names on the list from an Active Directory group. > > I have hundreds of user's to remove from a Group and don't fancy removing > them 1 by 1. The names can be read from a text file or spreadsheet. If the name are NT names (pre-Windows 2000 logon names), you will need to use the NameTranslate object to convert to Distinguished Names. You would bind to the group object, use the IsMember method of the group object to check if the user is a member, then use the Remove method of the group object to remove the member. For example: =============== Option Explicit Dim objFSO, strFile, objFile, strNTName, strUserDN Dim objTrans, strDomain, objGroup Const ForReading = 1 ' Constants for NameTranslate Const ADS_NAME_INITTYPE_GC = 3 Const ADS_NAME_TYPE_NT4 = 3 Const ADS_NAME_TYPE_1779 = 1 ' Specify NetBIOS name of the domain. strDomain = "MyDomain" ' Specify input file of user NT names (pre-Windows 2000 logon names). strFile = "c:\scripts\users.txt" ' Bind to the group object. Set objGroup = GetObject("LDAP://cn=MyGroup,ou=Sales,dc=MyDomain,dc=com") ' Open the file for read access. Set objFSO = CreateObject("Scripting.FileSystemObject") Set objFile = objFSO.OpenTextFile(strFile, ForReading) ' Use NameTranslate object to convert NT names to DN's. Set objTrans = CreateObject("NameTranslate") ' Initialize NameTranslate by locating Global Catalog. objTrans.Init ADS_NAME_INITTYPE_GC, "" ' Read NT names from input file. Do Until objFile.AtEndOfStream strNTName = Trim(objFile.ReadLine) If (strNTName <> "") Then ' Specify NT format of name. ' Trap error if name not found. On Error Resume Next objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strNTName If (Err.Number <> 0) Then On Error GoTo 0 Wscript.Echo "User " & strNTName & " not found." Else On Error GoTo 0 ' Retrieve RPC 1779 Distinguished Name. strUserDN = objTrans.Get(ADS_NAME_TYPE_1779) ' Check if user is a member of the group. If (objGroup.IsMember("LDAP://" & strUserDN) = True) Then ' Remove user from group. objGroup.Remove("LDAP://" & strUserDN) End If End If End If Loop ' Clean up. objFile.Close -- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --

Re: Delete Members of groups from a script gbrown135 6/5/2007 10:03:00 AM Thank you very much! been a nightmare "Richard Mueller [MVP]" wrote: [Quoted Text] > Gary wrote: > > > Is there any script around that will allow me to read a text file (or > > excel) > > and remove the names on the list from an Active Directory group. > > > > I have hundreds of user's to remove from a Group and don't fancy removing > > them 1 by 1. > > The names can be read from a text file or spreadsheet. If the name are NT > names (pre-Windows 2000 logon names), you will need to use the NameTranslate > object to convert to Distinguished Names. You would bind to the group > object, use the IsMember method of the group object to check if the user is > a member, then use the Remove method of the group object to remove the > member. For example: > =============== > Option Explicit > > Dim objFSO, strFile, objFile, strNTName, strUserDN > Dim objTrans, strDomain, objGroup > > Const ForReading = 1 > ' Constants for NameTranslate > Const ADS_NAME_INITTYPE_GC = 3 > Const ADS_NAME_TYPE_NT4 = 3 > Const ADS_NAME_TYPE_1779 = 1 > > ' Specify NetBIOS name of the domain. > strDomain = "MyDomain" > > ' Specify input file of user NT names (pre-Windows 2000 logon names). > strFile = "c:\scripts\users.txt" > > ' Bind to the group object. > Set objGroup = GetObject("LDAP://cn=MyGroup,ou=Sales,dc=MyDomain,dc=com") > > ' Open the file for read access. > Set objFSO = CreateObject("Scripting.FileSystemObject") > Set objFile = objFSO.OpenTextFile(strFile, ForReading) > > ' Use NameTranslate object to convert NT names to DN's. > Set objTrans = CreateObject("NameTranslate") > ' Initialize NameTranslate by locating Global Catalog. > objTrans.Init ADS_NAME_INITTYPE_GC, "" > > ' Read NT names from input file. > Do Until objFile.AtEndOfStream > strNTName = Trim(objFile.ReadLine) > If (strNTName <> "") Then > ' Specify NT format of name. > ' Trap error if name not found. > On Error Resume Next > objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strNTName > If (Err.Number <> 0) Then > On Error GoTo 0 > Wscript.Echo "User " & strNTName & " not found." > Else > On Error GoTo 0 > ' Retrieve RPC 1779 Distinguished Name. > strUserDN = objTrans.Get(ADS_NAME_TYPE_1779) > ' Check if user is a member of the group. > If (objGroup.IsMember("LDAP://" & strUserDN) = True) Then > ' Remove user from group. > objGroup.Remove("LDAP://" & strUserDN) > End If > End If > End If > Loop > > ' Clean up. > objFile.Close > > -- > Richard Mueller > Microsoft MVP Scripting and ADSI > Hilltop Lab - http://www.rlmueller.net > -- > > >