disturbedone
Vendor
I have a script that was written by a contractor some time ago. It is designed to disable a user and does multiple things. It does the following:
* Disables the AD account
* Moves the AD account to another OU
* Updates the AD description field with the date it was disabled
* Hides the mailbox from the GAL in Exchange 2010
* Moves the home folder to another location
* Moves another user folder to another location
* Removes the user from all groups it is a member of
All works perfectly except for the last thing. This works intermittently. It will sometimes remove them from all groups but sometimes only from some groups. I have altered the script to only perform the action of removing the user from groups. I created a test user and added it to 1/2/5/10/30 groups and it works perfectly on every attempt.
This function gets the details of the user:
This part of the code removes the use from groups:
Any ideas why this works intermittently??
* Disables the AD account
* Moves the AD account to another OU
* Updates the AD description field with the date it was disabled
* Hides the mailbox from the GAL in Exchange 2010
* Moves the home folder to another location
* Moves another user folder to another location
* Removes the user from all groups it is a member of
All works perfectly except for the last thing. This works intermittently. It will sometimes remove them from all groups but sometimes only from some groups. I have altered the script to only perform the action of removing the user from groups. I created a test user and added it to 1/2/5/10/30 groups and it works perfectly on every attempt.
This function gets the details of the user:
Code:
# ---------------------------------- #
# Function return the DN of the user #
# ---------------------------------- #
function get-dn ($SAMName) {
$root = [ADSI]''
$searcher = new-object System.DirectoryServices.DirectorySearcher($root)
$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
$user = $searcher.findall()
if ($user.count -gt 1) {
$count = 0
foreach($i in $user) {
write-host $count ": " $i.path
$count = $count + 1
}
$selection = Read-Host "Please select item: "
return $user[$selection].path
} else {
return $user[0].path
}
}This part of the code removes the use from groups:
Code:
Write-Host "-- Remove user from all groups..." -foregroundcolor White -backgroundcolor DarkYellow
echo ""
dsquery group -limit 2000 | dsmod group -c -q -rmmbr $path.Substring(7) 2>$NULL
Write-Host " User has been removed from all groups" -foregroundcolor White -backgroundcolor DarkGreen
echo ""Any ideas why this works intermittently??
