vbscript to remove all membership in member of tab in active directory except for Domain Users

I'm new here in Tek-Tips and to the VBS language and I want to develop a code that will remove all membership of user in Active Directory except for Domain Users but can't figure out why. Can someone help on this? Thanks

RE: vbscript to remove all membership in member of tab in active directory except for Domain Users

This should do what you are asking for. I have not tested it though.

CODE --> VBScript

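UserName = InputBox("Enter Username","Enter Username")

Set objUser = GetObject("LDAP://" & SearchDistinguishedName(UserName))
' memberOf never lists the primary group (normally Domain Users), so the
' name check below is only a safeguard.
For Each strGroup in objUser.memberOf
    Set objGroup = GetObject("LDAP://" & strGroup)
    GroupName = objGroup.CN
    If GroupName <> "Domain Users" Then
        ' Remove the user from this group
        objGroup.Remove objUser.ADsPath
    End If
Next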

Public Function SearchDistinguishedName(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function 

I hope that helps.



No trees were harmed in posting this message, however a significant number of electrons were terribly inconvenienced.

Check out my scripting solutions at http://www.thespidersparlor.com/vbscript
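
Added example, not part of the original post: the script above puts the typed username straight into the LDAP filter and assumes memberOf is always an array. The sketch below escapes the filter value, normalises memberOf, and traps errors per group; the function names EscapeLdapFilter, GroupDNs and RemoveFromGroups are hypothetical.

```vbscript
Option Explicit

' Escape a value for an LDAP search filter (RFC 4515); backslash goes first.
Function EscapeLdapFilter(ByVal s)
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

' memberOf is Empty for no groups, a String for one group and an array for
' several; always hand back an array so For Each is safe.
Function GroupDNs(ByVal objUser)
    Dim v
    v = objUser.memberOf
    If IsEmpty(v) Then
        GroupDNs = Array()
    ElseIf IsArray(v) Then
        GroupDNs = v
    Else
        GroupDNs = Array(v)
    End If
End Function

' Remove the user from each group, trapping errors per group so one failure
' (for example access denied) does not stop the run. Returns a text report.
Function RemoveFromGroups(ByVal objUser)
    Dim dn, objGroup, report
    report = ""
    For Each dn In GroupDNs(objUser)
        On Error Resume Next
        ' "/" is legal in a DN but must be escaped in an ADsPath
        Set objGroup = GetObject("LDAP://" & Replace(dn, "/", "\/"))
        If Err.Number = 0 Then objGroup.Remove objUser.ADsPath
        If Err.Number = 0 Then
            report = report & "REMOVED " & dn & vbCrLf
        Else
            report = report & "FAILED 0x" & Hex(Err.Number) & " " & dn & vbCrLf
        End If
        On Error GoTo 0
    Next
    RemoveFromGroups = report
End Function

' Usage with the helper from the post, after changing its filter to use
' EscapeLdapFilter(vSAN) in place of vSAN:
'   Set objUser = GetObject("LDAP://" & SearchDistinguishedName(UserName))
'   WScript.Echo RemoveFromGroups(objUser)
```

The returned report gives a per-group record of what was removed and what failed, which is worth keeping alongside any offboarding log.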


RE: vbscript to remove all membership in member of tab in active directory except for Domain Users

Thanks Mark for your response, below is my code so far. I'm retrieving info based on the samaccountname from the user input, then I'm disabling it, hiding it from the GAL, setting a restriction and changing the password. However, I wanted to add error trapping on these because we also have domain admin accounts which we can't disable, and for me to be notified what issue it had encountered. Also I wanted to move the user to another OU and remove the SIP address in the e-mail address tab in AD. We're tracking all the disabled accounts and we're putting them in an Excel file; can you help achieve these? Again thanks for the response, appreciate it.

Option Explicit
Const ADS_PROPERTY_UPDATE = 2 ' ADSI constant; must be declared under Option Explicit
Dim adoCommand, adoConnection
Dim objRootDSE, varDNSDomain, varBaseDN
Dim name, x
Dim strQuery, strUserDN, varFilter, varAttributes, adoRecordset
Dim newDescription, objUser
Dim y, dt


' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"

'ask for user input; repeat until something is entered
x = 0
Do While x = 0
    name = InputBox("Please enter userid/employee id: ", "My Tool") 'ask for input
    If IsEmpty(name) Then
        MsgBox "Cancelled", vbExclamation, " My Tool"
        WScript.Quit ' stop instead of prompting again after Cancel
    ElseIf Len(name) = 0 Then
        MsgBox "No userid \empid was entered.", vbInformation, "My Tool"
    Else
        'MsgBox "Hi," & name & "", vbInformation, "My Tool"
        Exit Do
    End If
Loop


' Filter on user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(samaccountname=" & name & "))"

' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' An empty recordset means the search matched nothing.
If adoRecordset.EOF Then
    MsgBox "No user found with the name '" & name & "'"
End If

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF

    ' Retrieve values and display.
    strUserDN = adoRecordset.Fields("distinguishedname").Value
    Set objUser = GetObject("LDAP://" & strUserDN)

    'disabled user account
    objUser.AccountDisabled = True
    objUser.SetInfo ' commit the change to the directory
    MsgBox "userid\employeeid '" & name & "' has been disabled successfully...", vbInformation, "My Tool"

    'Hide From GAL
    objUser.Put "msExchHideFromAddressLists", True
    objUser.SetInfo
    MsgBox "Successfully hide from GAL", vbInformation, "My Tool"

    'Mailbox restrictions
    objUser.PutEx ADS_PROPERTY_UPDATE, "authOrig", Array("CN=(Distro List),OU=our OU,OU=Another OU,DC=OUR DC,DC=com")
    objUser.SetInfo
    MsgBox "Done setting restriction ", vbInformation, "My Tool"

    '-put in disabled by
    newDescription = "disabled by me-"
    dt = Date()
    y = newDescription & dt

    objUser.Put "Description", y
    objUser.SetInfo
    MsgBox "Description field", vbInformation, "My Tool"

    '-reset password (SetPassword takes effect immediately, no SetInfo needed)
    objUser.SetPassword "Password"
    MsgBox " Succesfully changed password"

    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

' close ado connections.
adoRecordset.Close
adoConnection.Close