delete the group the user belongs to by the user object

[hartlen]

set oUser=GetObject("LDAP://cn=s040695"_
& ",ou=TestsinomosAccounts,dc=testsinomos,dc=com")
Set oDomain = GetObject("WinNT://testsinomos")
'make sure the user have not belonged to the group
For Each oGroup In oUser.groups
if ( oGroup.name <> "Domain Users" and
oGroup.name <> "Domain Admins") then
'delete all group
'i can write the statement,wishing help me


end if
Next
Set oGroup = oDomain.GetObject("Group", sGroup)
oGroup.Add ("WinNT://sinomos/s040695")

how can i write the statement to implement the deleting the group no matter user belonged to or not , how can i do ,

 

[tsuji]

Hello hartlen,

You have to rephrase the question, so very confusing...

regards - tsuji

 

[mrmovie]

i would say that you cant.

if i understand the question. you want to remove a user from a group without the need to bind to the group. (i.e. just using the bind to the user object) i,e you are after some method like

objUser.RemoveFromGroup(objGroup.AdsInfo)

i would say you are forced to bind to the group and then do a

objGroup.Remove(ADsPath of User Object)

 

[hartlen]

hello mrmovie

you have learn my ideal,now i have rewrite like as but i think it does well ,i want to improve it efficiently

'delete all group the user belong to except the Domain Users and Admins
For Each oGroup In oUser.groups
if ( oGroup.name <> "CN=Domain Users" and
oGroup.name <> "CN=Domain Admins") then
Set objGroup = GetObject("LDAP://"& oGroup.name _ &",ou=Department Groups,dc=testsinomos,dc=com")
objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array("cn=s"&sIdNo&",ou=TestsinomosAccounts,dc=testsinomos,dc=com")
objGroup.SetInfo
end if
Next

'add the user to the group that it belongs to
Set objGroup = GetObject("LDAP://CN="& sGroup &",ou=Department Groups,dc=testsinomos,dc=com")
objGroup.PutEx 3, "member", Array("cn=s"&sIdNo&",ou=TestsinomosAccounts,dc=testsinomos,dc=com")
objGroup.SetInfo
set objGroup=nothing
set oUser=nothing



how can i improve it

 

[tsuji]

hartlen,

>how can i write the statement to implement the deleting the group no matter user belonged to or not

What do you say about this statement? Now, I have to unlearn your ideal?...

- tsuji

 

[mrmovie]

hmm it depends on your definition of efficient.
i can see where you are coming from that you are ending up binding to a group as many times as the number of users in that group.

so, in your case you want all users to be removed from all groups except Domain Admins and Domain Users.

In that case yes, it might be more efficient to loop through your groups like

For Each aGroup In Groups
Set Group = GetObject(AdsPath for Group)
For Each aMember In Group.Members
Group.Remove(AdsPath for User)
Next
Next

but, then you will be binding to each user * number of groups they are a member of.


so, which is more efficient?

query your AD and use a counter.
a) bind to each user and find out how many groups they are a member of, add these counts up
+ number of Users

b) bind to each group and count how many members there are, add these counts up
+ number of groups

is the most efficient way the one with the least end count?
i dont know, i think i have tied myself in knots