vbscript to remove all membership in member of tab in active directory except for Domain Users

Status
Not open for further replies.

xzqt23

Programmer
Apr 30, 2015
3
US
Hi,

I'm new here in Tek-Tips and to the VBS language, and I want to develop code that will remove all membership of a user in Active Directory except for Domain Users, but can't figure out why. Can someone help on this? Thanks
 
This should do what you are asking for. I have not tested it though.
Code:
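UserName = InputBox("Enter Username","Enter Username")

strUserDN = SearchDistinguishedName(UserName)
If strUserDN = "" Then
    ' No match: stop here instead of binding to "LDAP://" with an empty DN.
    WScript.Echo "User not found: " & UserName
    WScript.Quit 1
End If

Set objUser = GetObject("LDAP://" & strUserDN)

' memberOf is Empty (no groups), a String (one group) or an Array (several).
' GetEx always returns an array, but raises an error when the attribute is empty.
On Error Resume Next
arrGroups = objUser.GetEx("memberOf")
If Err.Number <> 0 Then arrGroups = Array()
On Error GoTo 0

For Each strGroup In arrGroups
    Set objGroup = GetObject("LDAP://" & strGroup)
    GroupName = objGroup.CN
    If GroupName <> "Domain Users" Then
        ' IADsGroup.Remove expects the member's ADsPath, not the bare DN.
        objGroup.Remove objUser.ADsPath
    End If
Next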



Public Function SearchDistinguishedName(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

I hope that helps.

Regards,

Mark

No trees were harmed in posting this message, however a significant number of electrons were terribly inconvenienced.

Check out my scripting solutions at
Work SMARTER not HARDER.
 
Thanks Mark for your response, below is my code so far. I'm retrieving info based on the samaccountname from the user input, then I'm disabling it, hiding it from the GAL, setting a restriction and changing the password. However, I wanted to add error trapping on these because we also have domain admin accounts which we can't disable, and for me to be notified what issue it had encountered. Also I wanted to move the user to another OU and remove the SIP address in the e-mail address tab in AD. We're tracking all the disabled accounts and we're putting them in an Excel file, can you help achieve these? Again thanks for the response, appreciate it.

Option Explicit
Dim adoCommand, adoConnection
Dim objRootDSE, varDNSDomain, varBaseDN
Dim name, x
Dim strQuery, strUserDN, varFilter, varAttributes, adoRecordset
Dim newDescription, objUser
Dim y, dt

Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_DELETE = 4
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"

' Ask for user input.
Do While x = 0
    name = InputBox("Please enter userid/employee id: ", "My Tool") ' ask for input
    If IsEmpty(name) Then
        MsgBox "Cancelled", vbExclamation, " My Tool"
        WScript.Quit
    ElseIf Len(name) = 0 Then
        MsgBox "No userid \empid was entered.", vbInformation, "My Tool"
    Else
        'MsgBox "Hi," & name & "", vbInformation, "My Tool"
        Exit Do
    End If
Loop

' Filter on user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(samaccountname=" & name & "))"

' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Report an empty result here; inside the loop the DN is never empty.
If adoRecordset.EOF Then
    MsgBox "No user found with the name '" & name & "'"
End If

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF

    ' Retrieve values and display.
    strUserDN = adoRecordset.Fields("distinguishedname").Value
    Set objUser = GetObject("LDAP://" & strUserDN)

    ' Disable the user account; SetInfo commits the change before it is reported.
    objUser.AccountDisabled = True
    objUser.SetInfo
    MsgBox "userid\employeeid '" & name & "' has been disabled successfully...", vbInformation, "My Tool"

    ' Hide from GAL
    objUser.Put "msExchHideFromAddressLists", True
    objUser.SetInfo
    MsgBox "Successfully hide from GAL", vbInformation, "My Tool"

    ' Mailbox restrictions
    objUser.PutEx ADS_PROPERTY_UPDATE, "authOrig", Array("CN=(Distro List),OU=our OU,OU=Another OU,DC=OUR DC,DC=com")
    objUser.SetInfo
    MsgBox "Done setting restriction ", vbInformation, "My Tool"

    ' Put in "disabled by" plus the current date
    newDescription = "disabled by me-"
    dt = Date()
    y = newDescription & dt

    objUser.Put "Description", y
    objUser.SetInfo
    MsgBox "Description field", vbInformation, "My Tool"

    ' Reset password
    objUser.SetPassword "Password"
    objUser.SetInfo
    MsgBox " Succesfully changed password"

    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

' Close ADO connections.
adoRecordset.Close
adoConnection.Close
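
Both scripts above place the InputBox value straight into the LDAP filter, so a value such as `*` is treated as a wildcard and the changes would land on whichever account the search returns first. The following is an added example, not code from either poster: the helper names `EscapeLdapFilterValue` and `FindSingleUserDN` are hypothetical, and it escapes the input per RFC 4515 and refuses to continue unless exactly one user matches.

```vbscript
Option Explicit

' Added example (hypothetical helpers, not from the thread).
' Escape a value for use inside an LDAP search filter (RFC 4515).
' ";" is also hex-escaped because the ADO query string is ";"-delimited.
Function EscapeLdapFilterValue(ByVal s)
    s = Replace(s, "\", "\5c")      ' backslash first, or later escapes get doubled
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, ";", "\3b")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Return the DN of the one user whose sAMAccountName equals vSAN,
' or "" when the input is empty, nothing matches, or more than one matches.
Function FindSingleUserDN(ByVal vSAN)
    Dim oRootDSE, oConn, oCmd, oRS
    FindSingleUserDN = ""
    If Len(vSAN) = 0 Then Exit Function
    Set oRootDSE = GetObject("LDAP://RootDSE")
    Set oConn = CreateObject("ADODB.Connection")
    oConn.Open "Provider=ADsDSOObject;"
    Set oCmd = CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oConn
    oCmd.CommandText = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & _
        ">;(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        EscapeLdapFilterValue(vSAN) & "));distinguishedName;subtree"
    Set oRS = oCmd.Execute
    If Not oRS.EOF Then
        FindSingleUserDN = oRS.Fields("distinguishedName").Value
        oRS.MoveNext
        If Not oRS.EOF Then FindSingleUserDN = ""   ' ambiguous match: refuse
    End If
    oRS.Close
    oConn.Close
End Function

Dim strInput, strDN
strInput = Trim(InputBox("Enter Username", "Enter Username"))
strDN = FindSingleUserDN(strInput)
If strDN = "" Then
    WScript.Echo "No single user matches '" & strInput & "'; nothing changed."
    WScript.Quit 1
End If
WScript.Echo "Resolved to: " & strDN
```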
 