
Group:  English: Windows Server » microsoft.public.windows.server.scripting
Thread: Script to remove user from All Groups in AD


Script to remove user from All Groups in AD
gbrown135 6/13/2007 10:18:00 AM
Hi

Can anyone find why this doesn't work?

Const ForReading = 1
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const ADS_PROPERTY_DELETE = 4
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

dim strUser, strDomain, strUserDN
dim objTrans, objUser, objGroup

strUser = InputBox("Enter User Name")

strDomain = "Globalinfra"

Set objTrans = CreateObject("NameTranslate")

objTrans.Init ADS_NAME_INITTYPE_GC, ""

objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strUser

strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

Set objUser = GetObject("LDAP://" & strUserDN)

arrMemberOf = objUser.GetEx("memberOf")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "This account is not a member of any security groups apart from Domain Users"
    WScript.Quit
End If

For Each Group in arrMemberOf
    Set objGroup = GetObject("LDAP://" & Group)
    objGroup.PutEx ADS_PROPERTY_DELETE, _
        "member", Array("strUserDN")
    objGroup.SetInfo
Next


Re: Script to remove user from All Groups in AD
"Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> 6/13/2007 2:05:40 PM

"gbrown135" <gbrown135[ at ]discussions.microsoft.com> wrote in message
news:35587A0B-DC32-4716-9CD6-F199EE57AAB8[ at ]microsoft.com...
> Hi
>
> Can anyone find why this doesn't work?
>
> Const ForReading = 1
> Const ADS_NAME_INITTYPE_GC = 3
> Const ADS_NAME_TYPE_NT4 = 3
> Const ADS_NAME_TYPE_1779 = 1
> Const ADS_PROPERTY_DELETE = 4
> Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
>
> dim strUser, strDomain, strUserDN
> dim objTrans, objUser, objGroup
>
> strUser = InputBox("Enter User Name")
>
> strDomain = "Globalinfra"
>
> Set objTrans = CreateObject("NameTranslate")
>
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
>
> objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strUser
>
> strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> Set objUser = GetObject("LDAP://" & strUserDN)
>
> arrMemberOf = objUser.GetEx("memberOf")
>
> If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
> WScript.Echo "This account is not a member of any security groups apart
> from Domain Users"
> WScript.Quit
> End If
>
> For Each Group in arrMemberOf
> Set objGroup = GetObject("LDAP://" & Group)
> objGroup.PutEx ADS_PROPERTY_DELETE, _
> "member", Array("strUserDN")
> objGroup.SetInfo
> Next
>
>

Your snippet seems to require "On Error Resume Next". I would suggest the
following (after you bind to the user object):
=============
On Error Resume Next
arrGroups = objUser.GetEx("memberOf")
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Member of no groups except Domain Users"
Else
    On Error GoTo 0
    For Each strGroup In arrGroups
        Set objGroup = GetObject("LDAP://" & strGroup)
        objGroup.Remove(objUser.AdsPath)
    Next
End If
=========
Only use "On Error Resume Next" where you expect an error might be raised,
then restore normal error handling with "On Error GoTo 0" so you can
troubleshoot problems. If an error is raised the error message will include
the line number. I always use the Remove method of the group object, rather
than modifying the linked attribute directly.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
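
The approach from the reply above carried through as a complete script, as an added example that is not part of the original thread or either poster's code. It keeps each error trap as narrow as the reply recommends and writes one line per group so an account deprovisioning leaves a record that can be audited and reversed. The domain name `EXAMPLE`, the log line format and the exit codes are assumptions.

```vbscript
Option Explicit

Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

Dim strDomain, strUser, strUserDN, objTrans, objUser
Dim arrGroups, strGroup, objGroup, lngErr, intFailed

strDomain = "EXAMPLE"                  ' placeholder NetBIOS domain name (assumption)
strUser = InputBox("Enter User Name")
If strUser = "" Then WScript.Quit 1    ' dialog cancelled or left empty

' Translate DOMAIN\user to a distinguished name; trap only the lookup.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strUser
lngErr = Err.Number
On Error GoTo 0
If lngErr <> 0 Then
    WScript.Echo "Account not found: " & strDomain & "\" & strUser
    WScript.Quit 1
End If
' A "/" in a distinguished name must be escaped before use in an ADsPath.
strUserDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)

' GetEx raises an error when memberOf is empty; memberOf never lists
' the primary group (usually Domain Users).
On Error Resume Next
arrGroups = objUser.GetEx("memberOf")
lngErr = Err.Number
On Error GoTo 0
If lngErr <> 0 Then
    WScript.Echo "Member of no groups except the primary group"
    WScript.Quit 0
End If

intFailed = 0
For Each strGroup In arrGroups
    ' Trap errors per group so one refused change does not stop the rest.
    On Error Resume Next
    Set objGroup = GetObject("LDAP://" & Replace(strGroup, "/", "\/"))
    If Err.Number = 0 Then objGroup.Remove objUser.ADsPath
    lngErr = Err.Number
    On Error GoTo 0
    If lngErr <> 0 Then intFailed = intFailed + 1
    ' Audit line (constructed format): timestamp, group DN, result code.
    WScript.Echo Now & vbTab & strGroup & vbTab & "0x" & Hex(lngErr)
Next
If intFailed > 0 Then WScript.Quit 2   ' some memberships are still in place
```

Run it with `cscript //nologo` and redirect the output to a file to keep the record; a non-zero result code on any line means that membership was not removed.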

