Solved

Remove a user from all the groups in the file

Posted on 2007-07-24
Last Modified: 2010-03-05
Hi,

I have a user who is a member of 30 groups. I just want to remove 15 groups in which he is a member. Is there a script with which I can do this?

regards
Sharath
0
Comment
Question by:bsharath
 
LVL 12

Expert Comment

by:zoofan
ID: 19562906
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563123
What I want is to remove some groups which are in the file from the user....
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563141
Trying to better understand you: you're trying to remove the permissions of one user from file securities that are set by groups of which the user is a member? Or remove 15 groups from file security?

sorry I do not understand this part "remove some groups which are in the file from the user"

could you explain differently please.

thanks
zf
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563216
Every user is a member of some groups.
When we go to Outlook, type a mail ID and go to properties, in the "member of" property we can see all the groups a user is a member of. Now I have a user who is a member of many mailing groups. I want to remove some groups he is a member of. I have all the group names in a file.
I need a script to search a user for all the groups he is a member of and remove those groups.

THX
Sharath
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563230
Gotcha,

I can try to script that for you but would need a sample of the file.


zf
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563251
The txt file where I have the groups would look like this.

India_ Group1
India-group2
indiagroup3
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563261
Can you copy and paste a portion of the file please?

zf
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563301
this is what is there in the file.
l2.1_build
l2.2_build
le2_build
1_support
2.5_Galaxy
PMO_P1W
Priority List
Release
India_ Group1
India-group2
indiagroup3
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563329
Well.. Umm.. OK, and is this a list of group names, user names, or both? Realize you're looking at these knowing what they are. I will be very hard pressed to create a script that will scan a file and edit it without knowing what I'm looking at and what I'm looking for.


ex:

User1,group1,group2,group3,group4,group5
User2,group1,group2,group3,group4,group5
User3,group1,group2,group3,group4,group5
User4,group1,group2,group3,group4,group5

or

User1:
group1
group2
group3
group4
group5

User2:
group1
group2
group3
group4
group5


The structure of the file is vital to being capable of scripting an editor for it.

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563343
Every character in the file makes a difference. It is like importing a comma-delimited txt file into Excel: Excel knows to break the parts up by the delimiter, the comma. Line spacing, tab spacing, delimiter etc., it all matters.

zf
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563347
The script has to give me an option of entering the user name.
Say when the script asks me to enter the name I shall enter "Sharath".
So what should happen is all the groups that are there in the txt file should be removed from the user "Sharath".
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563358
The script has to query with the Active directory and remove the groups from the users member of
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563362
Yes, I agree  as well as what group names you want to remove the user from.  But once given that information the script must know how the file is laid out in order to search and edit it.

zf
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563370
I think we have both been confused.

I want to remove all the groups for which a user is a member from the ADS...
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563376
I see this now!!  lol

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563381
Give me some time, I'll see what I can do.

Just so I understand (I think I do now): you have a text file with a list of groups, you need to enter a username, scan AD for the user, retrieve a list of groups that they are a member of, and remove membership from the groups in the list?


zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563387
Are these security groups or distribution lists?

zf
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563391
They are Distribution groups...
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563402
Yes you are correct...
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563405
OK, sorry for the mix-up, give me some time, I'll work on it.

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563637
Hi bsharath,

Having misunderstood you initially and now realizing what you need, I believe this to be a bit outside what I feel I could do with the utmost confidence. Scripting this in AD changes the scenario completely as you need to deal with nested group membership,

IE
user1 is a member of grp1 grp2 grp grp4

grp4 is a member of grp6 grp9 grp12

grp9 is a member of grp5 grp8

and grp8 is where the user needs to be removed from.

This would need to be tested all the way through to find every group the user is a member of and every group that group is a member of, etc. (group inheritance), until all the possibilities were exhausted.

I would not feel comfortable doing this as one slip could easily corrupt your ADdb as well as possibly create havoc with your domain share permissions and security. I apologize for not being able to help after all this but hope that you respect and understand my position.


My apologies,

zf
0
 
LVL 11

Author Comment

by:bsharath
ID: 19563651
No problem thanks for the help...
0
 
LVL 6

Expert Comment

by:Admin4XP
ID: 19564446
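I think this should work but I don't have access to AD to test it.

' ADSI constant for PutEx: delete the given values from a multi-valued attribute
Const ADS_PROPERTY_DELETE = 4

Dim objFSO:Set objFSO=CreateObject("Scripting.FileSystemObject")
arrFile=Split(objFSO.OpenTextFile("C:\Groups.txt").ReadAll,vbCrLf)

dim groupPath
dim userDN
StrUsr = InputBox("Please input username")
' The member attribute holds plain distinguished names, so no LDAP:// prefix here
userDN = "cn=" & StrUsr & ",cn=users,dc=%YOURDOMAIM%,dc=co,dc=uk"

For each Grp in arrFile
      ' Skip blank lines (for example a trailing newline at the end of the file)
      If Trim(Grp) <> "" Then
            groupPath = "LDAP://cn=" & Trim(Grp) & ",cn=users,dc=%YOURDOMAIM%,dc=co,dc=uk"
            removeFromGroup userDN,groupPath
      End If
Next

sub removeFromGroup(userDN, groupPath)

      dim objGroup
      set objGroup = getobject(groupPath)

      ' Remove only this user's DN from the group's member attribute
      objGroup.PutEx ADS_PROPERTY_DELETE, _
      "member",Array(userDN)
      objGroup.SetInfo
end sub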

obviously change the container names and Domain
0
 
LVL 26

Expert Comment

by:Farhan Kazi
ID: 19566345
:: * This script requires a "Groups.txt" file on the C: drive root from which it will pick group names.
:: * You need to set the 'UserNTID' variable's value to the user's NT Login ID.
::   Like:
::        SET UserNTID=FKazi
::
:: * A successful run will generate a "GroupReport.txt" file on the C: drive root.
:: * Copy and paste the following script into Notepad and save it with any name having a .cmd extension.
:: *** SCRIPT START ***

@Echo Off
SETLOCAL EnableDelayedExpansion

SET UserNTID=FKazi

IF NOT EXIST C:\Groups.txt Goto ShowErr
FOR %%R IN (C:\Groups.txt) Do IF %%~zR EQU 0 Goto ShowErr
IF EXIST C:\GroupReport.txt DEL /F /Q C:\GroupReport.txt

DSQuery User -SAMID "%UserNTID%*" | Find /I "CN=">C:\TmpUID.txt
IF ERRORLEVEL 1 Echo User '%UserNTID%' Not Found. && Goto :EndScript
SET /P UserCN=<C:\TmpUID.txt

FOR /F "delims=#" %%g IN ('Type C:\Groups.txt') Do (
      Echo Processing: %%g
      DSQuery Group -Name "%%g*" | DSMod Group -RmMbr %UserCN% >>C:\GroupReport.txt 2>NUL
)
Goto EndScript
:ShowErr
Echo "C:\Groups.txt" file does not exist or file is empty!
:EndScript
IF EXIST C:\TmpUID.txt DEL /F /Q C:\TmpUID.txt
ENDLOCAL
:: *** SCRIPT END ***
0
 
LVL 11

Author Comment

by:bsharath
ID: 19566467
Thanks, this worked. Can we specify the CN and OUs in this script? Some of the groups are in a different trusted domain.

It's removing all groups from the DC but not from the main DC.
0
 
LVL 26

Accepted Solution

by:
Farhan Kazi earned 2000 total points
ID: 19566933
NOTE: You can not remove user from OU (removing user from OU means you are trying to delete user).

:: * This script requires a "Groups.txt" file on the C: drive root from which it will pick group names or group CNs.
::   The "Groups.txt" file should contain a name or CN in the following format:
::    Account
::    Sales       
::    CN=TempStaff,OU=SALES,DC=Training,DC=com
::
:: * You need to set the 'UserNTID' variable's value to the user's NT login ID.
::   Like:
::        SET UserNTID=FKazi
::
:: * A successful run will generate a "GroupReport.txt" file on the C: drive root.
:: * Copy and paste the following script into Notepad and save it with any name having a .bat extension.
:: *** SCRIPT START ***

@Echo Off
SETLOCAL EnableDelayedExpansion

SET UserNTID=FKazi

IF NOT EXIST C:\Groups.txt Goto ShowErr
FOR %%R IN (C:\Groups.txt) Do IF %%~zR EQU 0 Goto ShowErr
IF EXIST C:\GroupReport.txt DEL /F /Q C:\GroupReport.txt

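:: The trailing * makes this a prefix match on the login ID; only the first DN returned is used below.
DSQuery User -SAMID "%UserNTID%*" | Find /I "CN=">C:\TmpUID.txt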
IF ERRORLEVEL 1 Echo User '%UserNTID%' Not Found. && Goto :EndScript
SET /P UserCN=<C:\TmpUID.txt

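:: Lines without "CN=" are matched as group-name prefixes ("%%g*"); lines with "CN=" are used as exact group DNs.
FOR /F "delims=#" %%g IN ('Type C:\Groups.txt') Do (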
      Echo Processing: %%g
      Echo %%g | FIND /I "CN=">NUL
      IF ERRORLEVEL 1 (DSQuery Group -Name "%%g*" | DSMod Group -RmMbr %UserCN% >>C:\GroupReport.txt 2>NUL) ELSE (
      DSMod Group "%%g" -RmMbr %UserCN% >>C:\GroupReport.txt 2>NUL)
)
Goto EndScript
:ShowErr
Echo "C:\Groups.txt" file does not exist or file is empty!
:EndScript
IF EXIST C:\TmpUID.txt DEL /F /Q C:\TmpUID.txt
ENDLOCAL
:: *** SCRIPT END ***
0
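A PowerShell take on the same task, as an added example that is not part of the original thread: it matches group names exactly rather than by prefix, supports a dry run, and reports the nested-membership case zoofan raised, where removing the user from a listed group would not end their effective membership. It assumes the RSAT ActiveDirectory module and that the user and groups are in the same domain; the function names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function names are hypothetical, C:\Groups.txt is the file used in the thread.

function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape characters that are special inside an LDAP search filter (backslash first).
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Remove-UserFromListedGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$GroupFile = 'C:\Groups.txt'
    )
    # -Identity is an exact match and throws if the account does not exist.
    $user   = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    $direct = @($user.MemberOf)
    # LDAP_MATCHING_RULE_IN_CHAIN: groups the user belongs to directly or through nesting.
    $userDn = ConvertTo-LdapFilterValue $user.DistinguishedName
    $chain  = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$userDn)" |
                ForEach-Object DistinguishedName)

    foreach ($line in Get-Content -LiteralPath $GroupFile) {
        $name = $line.Trim()
        if (-not $name) { continue }                      # skip blank lines
        # A line is either a full DN or an exact group name; no wildcard matching.
        $attr   = if ($name -match '^CN=') { 'distinguishedName' } else { 'name' }
        $groups = @(Get-ADGroup -LDAPFilter "($attr=$(ConvertTo-LdapFilterValue $name))")
        if ($groups.Count -ne 1) {
            [pscustomobject]@{ Group = $name; Action = "Skipped: $($groups.Count) matches" }
            continue
        }
        $dn = $groups[0].DistinguishedName
        if ($direct -contains $dn) {
            if ($PSCmdlet.ShouldProcess($dn, "Remove member $SamAccountName")) {
                Remove-ADGroupMember -Identity $dn -Members $user -Confirm:$false
                [pscustomobject]@{ Group = $dn; Action = 'Removed' }
            }
        } elseif ($chain -contains $dn) {
            # Membership comes from another group; nothing to remove on this group itself.
            [pscustomobject]@{ Group = $dn; Action = 'Nested only: member via another group' }
        } else {
            [pscustomobject]@{ Group = $dn; Action = 'Not a member' }
        }
    }
}

# Dry run first:  Remove-UserFromListedGroups -SamAccountName FKazi -WhatIf
```

The returned objects can be piped to Export-Csv to keep a record of which memberships were changed and which were left in place.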
 
LVL 11

Author Comment

by:bsharath
ID: 19567189
farhankazi
Thanks a lot. Hereafter please add this OU structure in all the ADS scripts I post.

Thanks a lot again...
0
