script to delete user profiles and data

[fong21051]

Hi, I want to start this as a new thread as I spent many hours and still couldn't work this one out.
The script below deletes all the userprofiles and userdata of all those accounts in a specified AD OU.

However I login to the File server that contains all the user profiles and userdata and run the script. I receive the following error:
------------------------------
Line 34
Char 6
Error: permission denied.
------------------------------

There are many AD accounts in the specified OU and I do not know which users data I am denied access. Is there a way I can see an error code and description of which user data I am denied?
My code is below. I already spent all day, so many thanks for any help:


-----------------------------------------------
Option Explicit

Dim strOU, objOU, objFSO, objUser, strUserData, wshShell
Dim wsh: Set wshShell = CreateObject("WScript.Shell")

' Specify the OU.
strOU = "ou=2010EmailForLife,ou=EmailForLife,ou=Student Leavers,ou=People,dc=rcm,dc=ac,dc=uk"

' Bind to the OU.
Set objOU = GetObject("LDAP://" & strOU)

' Use FileSystemObject to delete folders.
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Filter on user objects.
objOU.Filter = Array("user")

' Enumerate users.
For Each objUser In objOU
' Skip computers (which have class user).
If (objUser.Class = "user") Then
' Take Ownership of profile then Delete user profile path.
If (objUser.profilePath <> "\\rcm-file\stuprofs$\") Then
If objFSO.FolderExists(objUser.profilePath) Then
wshShell.Run "CMD /K TAKEOWN /F """ & objUser.profilePath & """ /R /D Y", 1, True
objFSO.DeleteFolder objUser.profilePath, True
End If
End If
End If

' Delete userdata.
strUserData = "\\rcm-file\studuser$\" & objUser.sAMAccountName
If (objFSO.FolderExists(strUserData) = True) Then
objFSO.DeleteFolder(strUserData)
End If

' Delete userprofile if path not specified in the AD field.
strUserData = "\\rcm-file\stuprofs$\" & objUser.sAMAccountName
If (objFSO.FolderExists(strUserData) = True) Then
wshShell.Run "CMD /K TAKEOWN /F """ & strUserData & """ /R /D Y", 1, True
objFSO.DeleteFolder(strUserData)
End If

Next

 

[PHV]

...
' Delete userdata.
 strUserData = "\\rcm-file\studuser$\" & objUser.sAMAccountName
 If (objFSO.FolderExists(strUserData) = True) Then
  [!]wshShell.Run "CMD /K TAKEOWN /F """ & strUserData & """ /R /D Y", 1, True[/!]
  objFSO.DeleteFolder(strUserData)
End If
 ...

Furthermore, to see which folder you can't delete use WScript.Echo

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[fong21051]

Thank you or your response PHV. I will try this as I am back in work tomorrow (I was working on this script all evening today). I'm a junior programmer, so Im not sure how to use WScript.Echo
May you give me an example? Many thanks!

 

[PHV]

...
' Delete userdata.
 strUserData = "\\rcm-file\studuser$\" & objUser.sAMAccountName
 If (objFSO.FolderExists(strUserData) = True) Then
  wshShell.Run "CMD /K TAKEOWN /F """ & strUserData & """ /R /D Y", 1, True
  [!]WScript.Echo "About to delete " & strUserData[/!]
  objFSO.DeleteFolder(strUserData)
End If
...

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[fong21051]

Hi PHV,

I'm not sure whats happened man, but when I run the script now, the command line interface will come up and I receive the following error:

''\\rcmutility\software\VB SCRIPT\Script to delete STUDENT AD accounts, profiles
and userdata'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported. Defaulting to Windows directory.
ERROR: Access is denied.

------------------------------------
I only made some minor changes according to your suggestions so have now idea why it comes up with this error. It use to take ownership before. (I run the vb script logged in as a domain admin on the file server.)

Previously, it use to take ownership of the "profiles" but then it also displayed the following error:
Line 45
error: permission denied

I done some further investigation and found out that for all the "Userdata" I already have "full ownership permission" so I do not need to take ownership. But I found out the reason why it wouldn't delete the user data (error 45, permission denied) is because all the userdata is "shared".
When I try to delete the userdata "manually", it comes up with the message: "You are sharing \\rcm-file\studuser\script.test as script.test. Others may be using files in this folder. If you delete the folder, it will no longer be shared. Are you sure you want to delete it?"

I click "Yes" and then it will delete! May you advise how to add this to the script so it also selects "Yes" to this message when the script deletes each userdata folder?

I've been spending many hours already and still fustrated. Hope you can help! many thanks. Please see my amended script below:

-----------------------------------
Option Explicit

Dim strOU, objOU, objFSO, objUser, strUserData, wshShell
Dim wsh: Set wshShell = CreateObject("WScript.Shell")

' Specify the OU.
strOU = "ou=StudentsToDelete,ou=Default,ou=People,dc=rcm,dc=ac,dc=uk"

' Bind to the OU.
Set objOU = GetObject("LDAP://" & strOU)

' Use FileSystemObject to delete folders.
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Filter on user objects.
objOU.Filter = Array("user")

' Enumerate users.
For Each objUser In objOU
' Skip computers (which have class user).
If (objUser.Class = "user") Then
' Take Ownership of profile then Delete user profile path.
If (objUser.profilePath <> "\\rcm-file\stuprofs$\") Then
If objFSO.FolderExists(objUser.profilePath) Then
wshShell.Run "CMD /K TAKEOWN /F """ & objUser.profilePath & """ /R /D Y", 1, True
objFSO.DeleteFolder objUser.profilePath, True
End If
End If
' Delete the user object from AD.
objUser.DeleteObject (0)
End If

' Delete userdata.
strUserData = "\\rcm-file\studuser$\" & objUser.sAMAccountName
If (objFSO.FolderExists(strUserData) = True) Then
WScript.Echo "About to delete " & strUserData
objFSO.DeleteFolder(strUserData)
End If

' Delete userprofile if path not specified.
strUserData = "\\rcm-file\stuprofs$\" & objUser.sAMAccountName
If (objFSO.FolderExists(strUserData) = True) Then
wshShell.Run "CMD /K TAKEOWN /F """ & strUserData & """ /R /D Y", 1, True
WScript.Echo "About to delete " & strUserData
objFSO.DeleteFolder(strUserData)
End If

Next

 

[Geates]

A stab in the dark. [tt]objFSO.DeleteFolder(strUserData)[red], true[/red][/tt]. Although, this really only applies to files with the [tt]read-only[/tt] bit turned on. Not sure if shared files "start" like this.

-Geates

http://raqxtr.sstar.com/caspdoc/html/chapter_5__developer_s_reference.htm

 

[fong21051]

Hi PHV and Geates. Thank you both for your help on this.
Geates, i'm sorry but I made a mistake. "Line 45, error: access denied" is refering to:
objFSO.DeleteFolder(strUserData)

and this line is suppose to delete the "profile folder" and NOT the "userdata folder" so my apologies for my mistake!

Now I did further investigation and the reason for "access denied" is because there is something wrong with my domain account.
When I attempt to "manually" take ownership of profile folders as my domain account, I also receive "access denied".
But when I take ownership by selecting the "administrator" of the profile folder, this works with no errors, and then I am able to delete the profile folder.
Is there a way the line below can be modified to take ownership as "local adminsitrator" and NOT as my domain admin account?

wshShell.Run "CMD /K TAKEOWN /F """ & strUserData & """ /R /D Y", 1, True

Thank you both for your time so far. I would appreciate any further help. Many thanks

 

[PHV]

Use the /U and /P command line switches of the TAKEOWN command.

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[fong21051]

Hi PHV, thank you for your quick response. Do I just add /U /P switches after the TAKEOWN command like the line below:

wshShell.Run "CMD /K TAKEOWN /F /U /P """ & strUserData & """ /R /D Y", 1, True

Is this correct? Please may you confirm this as I am unsure of this. Many thanks.

 

[PHV]

In a console window type takeown /?

 

[fong21051]

Hi PHV man, thanks for your advice, on the takeown /? there is a parameter /A that allows me to take ownership as administrator.
I put this in front of the /F and it seems to take ownership as administrator.It seems to have done the trick!
I will further test this tomorrow to delete batches of folders and see how I do. Many thanks man

 

[fong21051]

Hi again.
I'm really in a mess with this one. I found 2 problems, please see below:

1. I am receiving the following error:
Line 36, Char 6, Error: Permission denied.
Line 36 is the line that deletes the "userdata" : objFSO.DeleteFolder(strUserData)
It echoes me back telling me which userdata it wants to delete and I can confirm that the UNC path is correct. But I have no idea why I get "access denied".
However, I am able to delete them "manually" by doing a shift-delete on the userdata's in question. It makes no sense. How come I can delete manually but the script doesn't delete it? Do you have any ideas?

2. Second error I am receiving is: Line 44, char 6, permission denied.
This is line is suppose to delete the "profile folder": objFSO.DeleteFolder(strUserData).
When I try to delete manually I receive error: "cannot delete ntuser.pol, access denied". I realised I have to go into the "permissions" tab and select the checkbox: "replace permission entries on all child objects with entries shown here that apply to child objects".
And then I can manually delete this profile folder!
May you help me amend this so it selects that checkbox. I have included my code below. Many thanks again!

------------------------
Option Explicit

Dim strOU, objOU, objFSO, objUser, strUserData, wshShell
Dim wsh: Set wshShell = CreateObject("WScript.Shell")

' Specify the OU.
strOU = "ou=2010EmailForLife,ou=EmailForLife,ou=Student Leavers,ou=People,dc=rcm,dc=ac,dc=uk"
' strOU = "ou=StudentsToDelete,ou=Default,ou=People,dc=rcm,dc=ac,dc=uk"

' Bind to the OU.
Set objOU = GetObject("LDAP://" & strOU)

' Use FileSystemObject to delete folders.
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Filter on user objects.
objOU.Filter = Array("user")

' Enumerate users.
For Each objUser In objOU
' Skip computers (which have class user).
'' If (objUser.Class = "user") Then
' Take Ownership of profile then Delete user profile path.
'' If (objUser.profilePath <> "\\rcm-file\stuprofs$\") Then
'' If objFSO.FolderExists(objUser.profilePath) Then
'' wshShell.Run "CMD /K TAKEOWN /F """ & objUser.profilePath & """ /R /D Y", 1, True
'' objFSO.DeleteFolder objUser.profilePath, True
'' End If
'' End If
'' End If

' Delete userdata.
strUserData = "\\rcm-file\studuser$\" & objUser.sAMAccountName
If (objFSO.FolderExists(strUserData) = True) Then
WScript.Echo "About to delete " & strUserData
objFSO.DeleteFolder(strUserData)
End If

' Delete userprofile if path not specified.
strUserData = "\\rcm-file\stuprofs$\" & objUser.sAMAccountName
If (objFSO.FolderExists(strUserData) = True) Then
wshShell.Run "CMD /K TAKEOWN /A /F """ & strUserData & """ /R /D Y", 1, True
WScript.Echo "About to delete " & strUserData
objFSO.DeleteFolder(strUserData)
End If

Next

 

[fong21051]

Hi, Please can someone help me with this as I am really stuck!
For my code above I am receiving the following:
Line 36, Char 6, Error: Permission denied.
Line 36 is the line that deletes the "userdata" : objFSO.DeleteFolder(strUserData)
It echoes me back telling me which userdata it wants to delete and I can confirm that the UNC path is correct. But I have no idea why I get "access denied".
For example, I try to delete the userdata "jane.murphy" and run script but I receive error: Line 36, char 6, error: permission denied.

But the funny thing is I rename jane's folder to "jane.murphy_old" and create a completely new folder with the same name: "jane.murphy". When I run the script against this, it will delete!
I compare the inheritance permissions, share permissions, ntfs permissions, ownership permissions of both folders and ensure they are both exactly 100% identical, I then rename the original folder back to "jane.murphy" but the script still does not delete this, and still receive the same error message...
However, I can manually delete both these folders. There is something wrong with the original jane.murphy folder but I have no idea what this could be.
I have the correct permissions so how come the script can't delete it but I can manually?
And how come creating a new folder and renaming this to jane.murphy will delete, but original jane.murphy folder will not, even though the permissions are double-checked and exactly identical?
There is something wrong with the original userdata folders as this happens to all of them. Can someone help figure this out please as I spent many hours and have run out of ideas now. Hope someone can shed some light on this. Many thanks.

 

[markdmac]

You will usually get an error deleting the NTUser.pol if the user is a member of the administrators group and you are logged in as administrator.

Anyway you might want to try looking at the permissions of the sub folders. I bet there were subs that had inheritance turned off. The /R /D Y switches for TAKEOWN shoudl be doing that for you.

I prefer to use XCACLS to take ownership. Take a look at the help info here for the switches you would need:

http://support.microsoft.com/kb/825751

I hope that helps.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.