Script to remove users from AD group
I really cant remember why its so damn long and complex but it works and thats all i need to know. The script can also be used to Add rather than remove people from a group by changing the ObjGroup.PutEx value to _APPEND as opposed to _DELETE
' Script to remove users from AD group membership
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet, objArgs, usr
const ADS_PROPERTY_DELETE = 4
Const ADS_PROPERTY_APPEND = 3
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.fileSystemObject")
Set objInputFile = objFileSystem.OpenTextFile("users.txt",1)
inputData = Split(objInputFile.ReadAll, vbNewline)
For Each StrData in inputdata
Sam = StrData
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & sam & "))"
strAttributes = "distinguishedName,sAMAccountName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName")
objRecordSet.MoveNext
Loop
objConnection.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing
Set Objuser = Getobject ("LDAP://" & strDN & "")
StrPath = objUser.TerminalServicesProfilePath
objUser.TerminalServicesProfilePath = StrTSProfile
Set Objgroup = Getobject ("LDAP://CN=CTX-Hybrid-Profile-Migration-Group,OU=Applications,OU=Groups,OU=BusinessOU,DC=THINWORLD,DC=NET")
objGroup.PutEx ADS_PROPERTY_DELETE, "member",Array(strDN)
objuser.setinfo
objgroup.setinfo
Next
objInputFile.Close
WScript.Echo "Completed"
wscript.quit
Labels: Scripts
0 Comments:
Post a Comment
<< Home