vbscript to remove all membership in member of tab in active directory except for Domain Users

(OP)
Hi,

I'm new here on Tek-Tips and to the VBS language, and I want to develop code that will remove all memberships of a user in Active Directory except for Domain Users, but I can't figure out why. Can someone help on this? Thanks

RE: vbscript to remove all membership in member of tab in active directory except for Domain Users

This should do what you are asking for. I have not tested it though.

CODE --> VBScript

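UserName = InputBox("Enter Username","Enter Username")

Set objUser = GetObject("LDAP://" & SearchDistinguishedName(UserName))

' GetEx always returns an array, even when the user is in exactly one group.
' It raises an error when memberOf is empty, so trap that case.
On Error Resume Next
arrGroups = objUser.GetEx("memberOf")
If Err.Number <> 0 Then arrGroups = Array()
On Error GoTo 0

For Each strGroup In arrGroups
    Set objGroup = GetObject("LDAP://" & strGroup)
    GroupName = objGroup.CN
    If GroupName <> "Domain Users" Then
        ' IADsGroup.Remove expects the member's ADsPath, not a bare DN
        objGroup.Remove objUser.ADsPath
    End If
Next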



Public Function SearchDistinguishedName(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function 

I hope that helps.

Regards,

Mark

No trees were harmed in posting this message, however a significant number of electrons were terribly inconvenienced.

Check out my scripting solutions at http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER.

RE: vbscript to remove all membership in member of tab in active directory except for Domain Users

(OP)
Thanks Mark for your response; below is my code so far. I'm retrieving info based on the samaccountname from the user input, then I'm disabling it, hiding it from the GAL, setting a restriction and changing the password. However, I want to add error trapping on these because we also have domain admin accounts which we can't disable, and for me to be notified of what issue it encountered. Also, I want to move the user to another OU and remove the SIP address in the e-mail address tab in AD. We're tracking all the disabled accounts and putting them in an Excel file; can you help achieve these? Again, thanks for the response, appreciate it.

Option Explicit
Dim adoCommand, adoConnection
Dim objRootDSE,varDNSDomain,varBaseDN
Dim name,x
Dim strQuery,strUserDN,varFilter, varAttributes, adoRecordset
Dim newDescription,objUser
Dim y,dt

Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_DELETE = 4
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"

'ask for user input
Do While x=0
name= InputBox ("Please enter userid/employee id: ","My Tool") 'ask for input
if IsEmpty (name)Then
MsgBox "Cancelled",vbExclamation," My Tool"
wscript.quit
elseif Len(name) = 0 Then
MsgBox "No userid \empid was entered.", vbInformation, "My Tool"

Else
'MsgBox "Hi," & name& "", vbInformation, "My Tool"
Exit Do

End If

Loop

' Filter on user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(samaccountname="& name &"))"

' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Report when the search returned nothing; the loop below is skipped in that case.
If adoRecordset.EOF Then
Msgbox "No user found with the name '"& name &"'"
End If

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF

' Retrieve values and display.
strUserDN = adoRecordset.Fields("distinguishedname").value
Set objUser = GetObject("LDAP://"& strUserDN)

'disabled user account (SetInfo commits the change before success is reported)
objUser.AccountDisabled = True
objUser.SetInfo
Msgbox "userid\employeeid '"& name&"' has been disabled successfully...",vbInformation, "My Tool"

'Hide From GAL
objuser.put "msExchHideFromAddressLists", True
objuser.setInfo
MSgBox"Successfully hide from GAL",vbInformation, "My Tool"

'Mailbox restrictions
objUser.PutEx ADS_PROPERTY_UPDATE, "authOrig", Array("CN=(Distro List),OU=our OU,OU=Another OU,DC=OUR DC,DC=com")
objUser.SetInfo
MsgBox "Done setting restriction ",vbInformation, "My Tool"

'-put in disabled by
newDescription= "disabled by me-"
dt=date ()
y=newDescription &dt

objuser.put "Description" , y
objuser.SetInfo
MsgBox"Description field",vbInformation, "My Tool"


'-reset password
objUser.SetPassword "Password"
objuser.SetInfo
MsgBox "Successfully changed password"


' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop

' close ado connections.
adoRecordset.Close
adoConnection.Close
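
Both scripts above place the InputBox value straight into the LDAP search filter, and the second post asks for error trapping around admin accounts. The following is an added example, not code from either poster: it escapes the input per RFC 4515, skips accounts that carry adminCount=1, and returns the error from SetInfo instead of failing silently. The function names and the use of adminCount to recognise the admin accounts are assumptions, and the sample input is constructed.

```vbscript
Option Explicit

' RFC 4515 escaping for a value placed inside an LDAP search filter.
' The backslash goes first so the escapes added afterwards are not re-escaped.
Function EscapeLdapFilter(ByVal sValue)
    sValue = Replace(sValue, "\", "\5c")
    sValue = Replace(sValue, "*", "\2a")
    sValue = Replace(sValue, "(", "\28")
    sValue = Replace(sValue, ")", "\29")
    sValue = Replace(sValue, Chr(0), "\00")
    EscapeLdapFilter = sValue
End Function

' True when the account has adminCount=1 (assumption: that is how the
' admin accounts that must not be disabled are recognised).
Function IsProtectedAccount(oUser)
    Dim vCount
    IsProtectedAccount = False
    On Error Resume Next
    vCount = oUser.Get("adminCount")    ' errors when the attribute is not set
    If Err.Number = 0 Then IsProtectedAccount = (vCount = 1)
    On Error GoTo 0
End Function

' Disables the account; returns "" on success, otherwise the reason it did not.
Function DisableAccount(oUser)
    DisableAccount = ""
    If IsProtectedAccount(oUser) Then
        DisableAccount = "skipped, protected account (adminCount=1)"
        Exit Function
    End If
    On Error Resume Next
    oUser.AccountDisabled = True
    oUser.SetInfo
    If Err.Number <> 0 Then
        DisableAccount = "failed, 0x" & Hex(Err.Number) & " " & Err.Description
    End If
    On Error GoTo 0
End Function

' Constructed sample input containing filter metacharacters.
Dim sInput, sFilter
sInput = "j*doe)(x"
sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
          EscapeLdapFilter(sInput) & "))"
WScript.Echo sFilter
```

In the second script, a call to DisableAccount(objUser) would take the place of the bare AccountDisabled and SetInfo pair, with the returned text shown in the MsgBox or written to the tracking file.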
