Delete User from Domain + Extras 1

[DaleHopper]

Hi, I'm trying to create a script to delete users in a specific Active Directory OU, i've found various scripts on the web and added some parts together to create exactly what i'm after.
The extras I am after are:
I'm wanting to move deleted users documents to a server location
I'm wanting to remove the share each deleted user has on my network which is a hidden share (User$), normally when i delete a user's homedir the share still exists despite the folder no longer existing.
I'm also wanting to delete another folder in a server location such as \\server2\mediafiles\username.

The script i'm currently working with (that doesn't work)

<Script>
Option Explicit

Dim strOU, objOU, objFSO, objUser, trgFolder

' Set Network
Set WshNetwork = WScript.CreateObject("WScript.Network")

' Specify the OU.
strOU = "ou=Staff,ou=Leavers,ou=People,dc=network,dc=local"

' Bind to the OU.
Set objOU = GetObject("LDAP://" & strOU)

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set HomeShare = objWMIService.ExecQuery _
("Select * from Win32_Share Where Name = (objUser.sAMAccountName)")

' Use FileSystemObject to delete folders.
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Filter on user objects.
objOU.Filter = Array("user")

'Set Target Path
trgFolder = "X:\"

' Enumerate users.
For Each objUser In objOU
' Skip computers (which have class user).
If (objUser.Class = "user") Then
' Delete user profile path.
If (objUser.profilePath <> "") Then
If (objFSO.FolderExists(objUser.profilePath) = True) Then
objFSO.DeleteFolder(objUser.profilePath)
End If
End If
' Delete user TS profile path.
If (objUser.msTSProfilePath <> "") Then
If (objFSO.FolderExists(objUser.msTSProfilePath) = True) Then
objFSO.DeleteFolder(objUser.msTSProfilePath)
End If
End If
' Delete user home directory.
If (objUser.homeDirectory <> "") Then
If (objFSO.FolderExists(objUser.homeDirectory) = True) Then
objFSO.CopyFolder((objUser.homeDirectory), trgFolder & (objUser.sAMAccountName), True) Then
objFSO.DeleteFolder(objUser.homeDirectory)
End If
End If
For Each objShare in HomeShare
objShare.Delete
' Delete the user object from AD.
objUser.DeleteObject (0)

End If
Next
WshNetwork.RemoveNetworkDrive "X:"

</Script>

If someone could tidy it up for me, let me know what's wrong i'd be very grateful.
The script is assuming I already have Drive X: mapped to a location to archive staff leavers folders
Many thanks

 

[markdmac]

I doubt you are going to get anyone to rewrite your code for you. I can however offer some suggestions. First, break this down into the items you outline above. Handle the user folders before you remove the account, that way you don't have a bad sid associated with the files. Use extensive use of comments to document what each section does.

Prompt for user name
Query AD and get location of user shared folder
Don't rely on a mapped drive, use UNC paths, then Copy the files to the new location
Verify file copies
Remove the share like this:
    ' Delete a Network Share
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colShares = objWMIService.ExecQuery("Select * from Win32_Share Where Name = 'UserName$'")
    For Each objShare in colShares
         objShare.Delete
    Next
Copy any other files you need to and verify copy
Delete the original files
If Exchange is involved disconnect the mailbox and archive it
Remove user group memberships
Delete the user

I hope that helps.

Regards,

Mark

No trees were harmed in posting this message, however a significant number of electrons were terribly inconvenienced.

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER.

 

[JPJeffery]

We take the approach of never deleting anything. When a user leaves we disable their AD account and move it to a 'Left Company' OU.

This allows us to re-nable in the unlikely event they rejoin, and avoids any mysterious SIDs being left lying around on objects. Of course the latter point should never happen anyway, if groups are used to grant permissions...

Totally agree with markdmac: Use UNC paths, not mapped drives.

(And these days I'd write the script in Powershell, rather than .vbs)

JJ
[small][purple]Variables won't. Constants aren't[/purple]
There is no apostrophe in the plural of PC (or PST, or CPU, or HDD, or FDD, or photo, or breakfast...and so on)[/small]