Hello everybody,
I have a 2-part question.
1. I have a list of user names (samAccountName, actually). I need to find their DNs and remove them from a certain group. When the user accounts are in the same domain my account belongs to, I incorporate the following routine into my script to find a user DN:
**********
' Serverless bind: rootDSE of the domain the current account belongs to
Set oRootDSE = GetObject("LDAP://rootDSE")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Open "Provider=ADsDSOObject;"
Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
' ADSI query: <search base>;filter;attributes;scope
' vSAN (the samAccountName) is placed in the filter as-is, without escaping
oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
Set oRecordSet = oCommand.Execute
' An empty result set raises an error on the field read; it is ignored here
On Error Resume Next
SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
On Error GoTo 0
oConnection.Close
Set oRecordSet = Nothing
Set oCommand = Nothing
Set oConnection = Nothing
Set oRootDSE = Nothing
*****************
But when I need to connect to a different domain (in a different forest), how should I modify this routine? My account has rights in that domain. Also I need to use port 636 to access that other domain.
2. I then need to remove those accounts from a certain group in that other domain. I usually would use the following script to do it (objInfile contains the DNs of the user accounts to be removed from group; objOutFile file is a report):
******************
' PutEx control code for removing values from a multi-valued attribute
Const ADS_PROPERTY_DELETE = 4
Do While Not objInFile.AtEndOfStream
    'Read Input file line
    strUserDN = objInfile.Readline
    Set objGroup = GetObject("LDAP://GroupDN")
    objGroup.PutEx ADS_PROPERTY_DELETE,"member",Array(strUserDN)
    objGroup.SetInfo
    'Write Output file line
    objOutFile.WriteLine strUserDN
Loop
*******************
Again, how should I modify it so I can do it for user accounts and a group in another domain? And I have to use port 636 for it.
Thank you very much,
Claire
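
The two routines above combined for a domain controller in another forest over LDAPS (port 636), as an added example that is not part of the original post. The server name, naming context, group DN and sample account names are placeholders, and it assumes the current logon is accepted by the remote domain and that the DC's certificate chains to a CA the client trusts and matches the host name used. It also escapes each samAccountName before it goes into the search filter.

```vbscript
Option Explicit
Const ADS_SECURE_AUTHENTICATION = 1, ADS_USE_SSL = 2, ADS_PROPERTY_DELETE = 4
' Placeholders (assumptions): replace with the remote DC, naming context and group.
Const REMOTE_DC = "dc01.other.example:636"
Const REMOTE_BASE = "DC=other,DC=example"
Const GROUP_DN = "CN=SomeGroup,OU=Groups,DC=other,DC=example"

' Escape RFC 4515 filter metacharacters so a name cannot change the search filter.
Function EscapeFilter(ByVal s)
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilter = Replace(s, Chr(0), "\00")
End Function

' Return the DN for a samAccountName in the remote domain, or "" if not found.
Function FindDN(oConn, sam)
    Dim oCmd, oRS
    Set oCmd = CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oConn
    oCmd.CommandText = "<LDAP://" & REMOTE_DC & "/" & REMOTE_BASE & ">;" & _
        "(&(objectCategory=User)(samAccountName=" & EscapeFilter(sam) & "));" & _
        "distinguishedName;subtree"
    Set oRS = oCmd.Execute
    FindDN = ""
    If Not oRS.EOF Then FindDN = oRS.Fields("distinguishedName").Value
    oRS.Close
End Function

Dim oConn, oGroup, sam, dn, flags
flags = ADS_SECURE_AUTHENTICATION Or ADS_USE_SSL   ' current logon, TLS required

Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOObject"
oConn.Properties("ADSI Flag") = flags
oConn.Open "Active Directory Provider"

' Bind to the group once, over the same LDAPS endpoint.
Set oGroup = GetObject("LDAP:").OpenDSObject("LDAP://" & REMOTE_DC & "/" & _
    GROUP_DN, vbNullString, vbNullString, flags)

For Each sam In Array("jdoe", "a*smith")            ' constructed sample names
    dn = FindDN(oConn, sam)
    If dn = "" Then
        WScript.Echo "NOT FOUND: " & sam
    Else
        oGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(dn)
        oGroup.SetInfo
        WScript.Echo "REMOVED: " & dn
    End If
Next
oConn.Close
```

Run it with cscript.exe. SetInfo raises an error when the DN is not currently a member of the group, so add error handling around it if the input list may contain non-members.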