ThinWorld Citrix Knowledgebase

Tuesday, 21 July 2009

Script to remove users from AD group

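This is a script to remove the users listed in a file, users.txt, from an AD group's membership.
I really can't remember why it's so damn long and complex, but it works and that's all I need to know. The script can also be used to add rather than remove people from a group by changing the first argument of objGroup.PutEx from ADS_PROPERTY_DELETE to ADS_PROPERTY_APPEND. Note that, as listed, it also overwrites each user's TerminalServicesProfilePath with StrTSProfile, a variable the listing never sets, so that path appears to end up blank for every account it touches.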


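' Script to remove users from AD group membership
'
' Reads one sAMAccountName per line from users.txt (resolved against the
' current working directory), looks each account up under the domain's
' defaultNamingContext and removes its DN from the target group's "member"
' attribute. To add instead of remove, pass ADS_PROPERTY_APPEND to PutEx.
'
' NOTE(review): every processed account also has TerminalServicesProfilePath
' overwritten with strTSProfile. The original listing never assigned that
' variable, so the value written is blank. It is made explicit below so the
' side effect is visible; confirm it is intended before running this against
' accounts whose profile path must be kept.
'
' These are directory writes: run with an account that is delegated only the
' rights it needs, and keep the final report (run under cscript.exe and
' redirect the output) as a record of what was changed.
Option Explicit

Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4
Const FOR_READING = 1
Const GROUP_DN = "CN=CTX-Hybrid-Profile-Migration-Group,OU=Applications,OU=Groups,OU=BusinessOU,DC=THINWORLD,DC=NET"

Dim objFileSystem, objInputFile, objRootDSE, objConnection, objCommand
Dim strDNSDomain, strBase, strTSProfile, strLine, strSam, strDN, strError
Dim arrLines, intChanged, intSkipped, strSkipped

' Value written to each user's Terminal Services profile path (blank = clear).
strTSProfile = ""

' --- Read the account list ---------------------------------------------------
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objInputFile = objFileSystem.OpenTextFile("users.txt", FOR_READING)
If objInputFile.AtEndOfStream Then
    ' ReadAll raises an error on an empty file, so treat it as "no users".
    arrLines = Array()
Else
    ' Normalise CRLF to LF so files with either line ending split correctly.
    arrLines = Split(Replace(objInputFile.ReadAll, vbCrLf, vbLf), vbLf)
End If
objInputFile.Close

' --- One directory connection for the whole run ------------------------------
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' The listing had strBase = "", which leaves the ADO query without a search
' root and makes strDNSDomain unused; presumably the angle-bracketed base was
' lost when the script was published. This is the usual ADsDSOObject form.
strBase = "<LDAP://" & strDNSDomain & ">"

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False

' --- Process each listed account ---------------------------------------------
intChanged = 0
intSkipped = 0
strSkipped = ""

For Each strLine In arrLines
    strSam = Trim(strLine)
    ' Blank lines (including the one after a trailing newline) are ignored
    ' rather than being sent to the directory as an empty account name.
    If Len(strSam) > 0 Then
        strDN = FindUserDN(strSam)
        If Len(strDN) = 0 Then
            strError = "not found, or more than one match"
        Else
            strError = ApplyChange(strDN)
        End If

        If Len(strError) = 0 Then
            intChanged = intChanged + 1
        Else
            intSkipped = intSkipped + 1
            strSkipped = strSkipped & vbCrLf & "  " & strSam & ": " & strError
        End If
    End If
Next

objConnection.Close
Set objCommand = Nothing
Set objConnection = Nothing
Set objRootDSE = Nothing

If intSkipped > 0 Then
    WScript.Echo "Completed" & vbCrLf & "Changed: " & intChanged & vbCrLf & _
                 "Skipped: " & intSkipped & strSkipped
Else
    WScript.Echo "Completed" & vbCrLf & "Changed: " & intChanged
End If
WScript.Quit

' Escapes a value for use inside an LDAP search filter (RFC 4515), so a line
' such as "*" or one containing parentheses is matched literally instead of
' changing which accounts the filter selects. ";" is escaped as well because
' the ADO query string uses it to separate base, filter, attributes and scope.
Function EscapeFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")   ' must be first
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    strOut = Replace(strOut, ";", "\3b")
    EscapeFilterValue = strOut
End Function

' Returns the distinguishedName of the single user whose sAMAccountName equals
' strSam, or "" when there is no match or more than one. Returning "" keeps a
' failed lookup from falling through to the group change with a stale DN.
Function FindUserDN(strSam)
    Dim objRecordSet, strFilter

    FindUserDN = ""
    strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
                EscapeFilterValue(strSam) & "))"
    objCommand.CommandText = strBase & ";" & strFilter & _
                             ";distinguishedName,sAMAccountName;subtree"
    Set objRecordSet = objCommand.Execute

    If Not objRecordSet.EOF Then
        FindUserDN = objRecordSet.Fields("distinguishedName").Value
        objRecordSet.MoveNext
        If Not objRecordSet.EOF Then FindUserDN = ""
    End If

    objRecordSet.Close
    Set objRecordSet = Nothing
End Function

' Writes the Terminal Services profile path on the user and removes the user
' from the group. Returns "" on success, otherwise a short error text; one
' failing account (for example one that is not a member) no longer aborts the
' run and leaves the rest of the list unprocessed.
Function ApplyChange(strUserDN)
    Dim objUser, objGroup

    On Error Resume Next

    ' "/" is a path separator in an ADsPath and has to be escaped there; the
    ' value stored in "member" is the plain DN.
    Set objUser = GetObject("LDAP://" & Replace(strUserDN, "/", "\/"))
    If Err.Number = 0 Then Set objGroup = GetObject("LDAP://" & GROUP_DN)
    If Err.Number = 0 Then objUser.TerminalServicesProfilePath = strTSProfile
    If Err.Number = 0 Then objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(strUserDN)
    If Err.Number = 0 Then objUser.SetInfo
    If Err.Number = 0 Then objGroup.SetInfo

    If Err.Number = 0 Then
        ApplyChange = ""
    Else
        ApplyChange = "error 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

    Set objUser = Nothing
    Set objGroup = Nothing
End Function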
