Please help with this script

[bnymk]

Hello all:

I have written a vbs script that was supposed to loop through an excel spreadsheet and delete users' account from active directory. I'm not getting any errors when I run the script but it also doesn't delete the accounts that are listed in the active directory. I'm using Windows 2003 EE and the script is below. If you guys have any ideas as to why the script is not deleteing the accounts, would be greatly appreciated.

Thanks.


'Parent container of new user
Dim oContainer

'created user
Dim oUser

'Set the file type and location where we are going to get the data from
on error resume next

set x = getobject(,"excel.application")
If err.number<> 0 Then
set x = createObject("excel.application")
err.clear
end If

set objWorkbook = x.Workbooks.Open("D:\accts1.xls")
If err.number <> 0 Then
wscript.echo "Source file not found. Cannot proceed with importing into Active Directory. Operation aborted."
x.quit : set x=nothing : wscript.quit
end If

on error goto 0

set y = objWorkbook.activesheet

'Start from the second row of the spreadsheet
r = 2

'Set the path to the appropriate network.
set oContainer = GetObject("LDAP://OU=Test,OU=AllUsers,DC=domain,DC=com")

do until len(y.cells(r, 1).value) = 0

with y
first_name = .cells(r, 1).value
last_name = .cells(r, 2).value
end with
'Add users data
fullName = first_name & " " & last_name
on error resume next
If Err.Number <> 0 And Err.Number <> -2147019886 Then
'If there is an error then show error otherwise display confirmation texts in the assigned cells
x.cells(r, 17).value = err.number & ": " & "ID creation error"
err.clear
Else
with oContainer
.Delete "user","CN=" & fullName
end with
with y
.cells(r, 5).value = "deleted"
end with

End if
set oUser=nothing
on error goto 0
r = r + 1
Loop
Set grp = Nothing
Set oContainer = nothing

'tidying up xls
set y=nothing
'objWorkbook.save
'objWorkbook.close
set objWorkbook = nothing

set x = nothing

msgbox "Successfully deleted users from Active Directory"



"Behind every great fortune there lies a great crime", Honore De Balzac

 

[tfg13]

Best bet as to where the error is, remove the "on error resume next" and then you should get a result as to why/where it's failing.

 

[bnymk]

tfg13:

Thanks for the response. I removed "on error resume next" and now I'm getting an error "There is no such object on the server" somewhere close to where I have the following lines of code.

Else
with oContainer
.Delete "user","CN=" & fullName
end with


"Behind every great fortune there lies a great crime", Honore De Balzac

 

[tsuji]

Move the error control block to its proper place, like this.
[tt]
do until len(y.cells(r, 1).value) = 0
with y
first_name = .cells(r, 1).value
last_name = .cells(r, 2).value
end with
'Add users data
fullName = first_name & " " & last_name
on error resume next
with oContainer
.Delete "user","CN=" & fullName
end with
If Err.Number <> 0 And Err.Number <> -2147019886 Then
'If there is an error then show error otherwise display confirmation texts in the assigned cells
[red]y[/red].cells(r, 17).value = err.number & ": " & "ID creation error" [green]'x will do but better y[/green]
err.clear
Else
with y
.cells(r, 5).value = "deleted"
end with
End if
[red]'[/red]set oUser=nothing 'no use, maybe meaningful in the full script
on error goto 0
r = r + 1
Loop
[/tt]

 

[bnymk]

tsuji:

Thanks for the response. I tried you approach and now I'm getting the following error number "-2147016656". I also tried the following script to delete only one record from the same OU and I get another error "There is no such object on the server"

'Parent container of object to be deleted
Dim oContainer
'Get parent container
Set oContainer=GetObject("LDAP://OU=TEST,OU=AllUsers,DC=Domain,DC=com")
'Delete user
oContainer.Delete "user","CN=AMY AYCOCK"
'Clean up
Set oContainer = Nothing
WScript.Echo "Finished"

Any ideas????

Thanks everyone!!

"Behind every great fortune there lies a great crime", Honore De Balzac

 

[MorganGreylock]

When I get error #s like that, I open google and search for the # (without the -) and look for URLs to microsoft.

Taken from microsoft's support website:

SYMPTOMS
When you try to extend your virtual server, you may receive the following error message:
The virtual server was extended with Windows SharePoint Services, but the following error occurs in creating the default site “

http://Server_Name”.

Please correct the input and try to create the default site again.
Error: There is no such object on the server. #1e0046: Adding user “User_Name” to OU “OU_Name” in domain “Domain_Name” FAILED with HRESULT -2147016656.

CAUSE
This issue may occur when both of the following conditions are true:
• You have configured Microsoft Windows SharePoint Services in Active Directory account creation mode.
• The organizational unit that you specified does not exist in the Active Directory.

RESOLUTION
To resolve this issue, make sure that the organizational unit that you want to use exists in the Active Directory, and make sure that the domain account that you specified for the Windows SharePoint Services application pools has Delegate control over the organizational unit. To do this, follow these steps:
1. Find out the Active Directory and organizational unit that you specified during setup. To do this, use the following command-lines:
• To retrieve the Active Directory you specified, type the following command at the command prompt: Stsadm –o getproperty –pn ADAccountDomain

The command line returns the following:
<Property Exist=”Yes” Value=”<domain_name>” />
• To retrieve the organizational unit that you specified, type the following command at the command prompt: Stsadm –o getproperty –pn ADAccountOU

The command line returns the following:
<Property Exist=”Yes” Value=”<Organizational_Unit_Name>” />
2. Start Active Directory Users and Computers, and then connect to the domain that is returned by the first command-line that is mentioned earlier in this article.
• Make sure that the organizational unit that is returned from the command earlier exists in the domain.
• Make sure that the domain account that you specified for the Windows SharePoint Services application pools has Delegate control over the organizational unit.
To delegate permissions to the organizational unit, follow these steps:
1. On your Active Directory server, click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click the new organizational unit, and then click Delegate control.
3. In the Welcome pane, click Next.
4. In the Users and Groups pane, click Add.
5. In the Enter the object names to select box, type the user name that plan to use for the administration application pool identity, and then click OK.
6. Click Next.
7. In the Tasks to Delegate pane, click to select the Create, delete, and manage user accounts check box and the Read all user information check box, and then click Next.
8. Click Finish.

 

[tsuji]

Also, control in the first place the oContainer is established, meaning the ou found. (You did not control that so that we take it for granted that its existence is an undisputed fact to you.)
[tt]
on error resume next
Set oContainer=GetObject("LDAP://OU=TEST,OU=AllUsers,DC=Domain,DC=com")
if err.number<>0 then
wscript.echo err.number & vbcrlf & hex(err.number) & vbcrlf & err.description
err.clear
'do something or early exit as there is no point to continue
'clean up excel.application or move this block before establishing the object x.
'make sure you do this because x is not set visible to true
wscript.quit
end if
on error goto 0
[/tt]

 

[bnymk]

Guys, I have tried my previous scripts and the script that tsuji recommended on different OU by adding a bunch of users and the two scripts work, even the one that should delete only one record/user Now I'm thinking if there is some sort of a lock mechanism that will prevent from a script running on a specific OU that is making these scripts fail to run. Any ideas?

"Behind every great fortune there lies a great crime", Honore De Balzac

 

[bnymk]

tsuji:

The OU that I specified is there and I went ahead and put what you suggested and an not getting any error from that part. Thanks for the idea though!!!

"Behind every great fortune there lies a great crime", Honore De Balzac

 

[markdmac]

Your best bet is to use the user login names in Excel. Then you can use the functions from K0b3's FAQ to grab the LDAP path of the user for the delete.

Refer to K0b3's FAQ here: faq329-5688


I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript