Extending the script for Disabling Users (Farhan)

Hi Farhan,

As you have finished the code which i had requested just need some additions...

1. The description date has to be in this format. (08/17/2007)(MM/DD/YYY) As already i have this in many disabled users..
2. First Name and Last name is also clearing can you change it not to clear..
3. In the Profile the Profile Path should also be cleared.
4. Is there any way to add the script which you made to check the option (Hide from exchange address list)

Will it remove groups member if it is in the Root Domain also.

Regards
Sharath
LVL 11
bsharathAsked:
Who is Participating?
 
Farhan KaziConnect With a Mentor Systems EngineerCommented:
>> 1. The description date has to be in this format. (08/17/2007)(MM/DD/YYY) As already i have this in many disabled users.
       DONE
>> 2. First Name and Last name is also clearing can you change it not to clear..
       DONE
>> 3. In the Profile the Profile Path should also be cleared.
       DONE
>> 4. Is there any way to add the script which you made to check the option (Hide from exchange address list)
        I have no idea how to do with batch script :(
>> Will it remove groups member if it is in the Root Domain also.
        Yes, it will clear all groups.


:: ================
:: READ THIS FIRST
:: ================
:: * Disable User Account Script by Farhan Kazi
:: * Following script requires 'Users.txt ' files from where it will pick samAccountName (NT Login IDs)
::  * You need to set 'NewOU' variables value inside the script to the actual OU distinguished name or name
::  * You need to set 'NewPassword' variables value inside the script to the password you want for disable users
::  * You need to set 'SMTPSrv' variables value inside the script to the actual SMTP server address
::  * You need to set 'ToUser' variables value inside the script to the email address where you want this script to send an email
:: * This script requires 'Blat.exe' to send an email through batch file.  
::      -> Download 'Blat.exe' from following link and extract the .zip file contents into 'C:\Windows\System32' path
::            http://sourceforge.net/project/showfiles.php?group_id=81910&package_id=83961
:: * Copy and paste following script into notepad and save it with any name having .cmd extension
:: * Usage and Syntax:
::                <ScriptName.cmd> [/NoWarning] [/Help]
::    Examples:
::                DisableAccounts.cmd
::                DisableAccounts.cmd /NoWarning
::                DisableAccounts.cmd /Help
::
:: SCRIPT START
@ECHO OFF
SETLOCAL EnableDelayedExpansion

:: Following variables required to be set with actual values
SET NewOU=SALES
SET NewPassword=DisabledUserPwd
SET SMTPSrv=mail.server.net.pk
SET ToUser=MyEmail@domain.com

Cls
IF /I "%1"=="/help" (
      ECHO Usage:
      ECHO   SciptName.cmd [/NoWarning] [/help]
      ECHO   /NoWarning : will hide warning message and run without confirmation.
      ECHO   /help      : will show this help
      ECHO. &Goto :EndScript)

IF /I NOT "%1"=="/NoWarning" (
      ECHO.
      ECHO ------------------------------------------
      ECHO THIS SCRIPT WILL PERFORM FOLLOWING TASKS:
      ECHO ------------------------------------------
      ECHO 1.  Read 'Users.txt' file for usernames
      ECHO 2.  Collect user information and make report
      ECHO 3.  Change user password
      ECHO 4.  Change user description to current date
      ECHO 5.  Remove Manager and Direct Reports
      ECHO 6.  Remove user from all groups
      ECHO 7.  Clear data ^(almost^) from user information fields
      ECHO 8.  Disable user account
      ECHO 9.  Move user account to different OU
      ECHO 10. Send report as an email.
      ECHO.
      ECHO Are You Sure To Perform All Above Tasks?
      ECHO.
      ECHO ********** WARNNING **********
      ECHO YOU CAN NOT UNDO THESE ACTIONS
      ECHO ******************************
      ECHO.
      SET /P Response=Please Enter Your Response [Yes/No]:
      IF /I NOT "!Response!"=="Yes" Goto :EndScript
      ECHO.)      
     
IF EXIST UsersDN.txt DEL /F /Q UsersDN.txt
IF EXIST DAccInfo.txt DEL /F /Q DAccInfo.txt
IF EXIST DirectReports.txt DEL /F /Q DirectReports.txt
IF EXIST DirectReports.ldf DEL /F /Q DirectReports.ldf
IF EXIST Fields.txt DEL /F /Q Fields.txt
IF EXIST Fields.ldf DEL /F /Q Fields.ldf
IF EXIST OUTmpVar.txt DEL /F /Q OUTmpVar.txt
IF EXIST UserGroups.txt DEL /F /Q UserGroups.txt
IF EXIST TmpVar.txt DEL /F /Q TmpVar.txt
IF EXIST Blat.set DEL /F /Q Blat.set

IF NOT EXIST Users.txt Goto ShowErr
FOR %%R IN (Users.txt) Do IF %%~zR EQU 0 Goto ShowErr

ECHO %NewOU%|FIND /I "OU=">NUL
IF NOT ERRORLEVEL 1 (
      DSQuery OU "%NewOU%" 2>NUL |FIND /I "OU=" >NUL
      IF NOT ERRORLEVEL 1 (DSQuery OU "%NewOU%" >OUTmpVar.txt &SET /P OUDN=<OUTmpVar.txt
      ) ELSE (ECHO Invalid OU distinguished name. &Goto :EndScript)
)ELSE (
      DSQuery OU -Name "%NewOU%" |FIND /I "OU=" >NUL
      IF NOT ERRORLEVEL 1 (DSQuery OU -Name "%NewOU%" >OUTmpVar.txt &SET /P OUDN=<OUTmpVar.txt
      )ELSE (ECHO Invalid OU Name. &Goto :EndScript)
)

:: CHECKING USERS DN
ECHO Script started...&ECHO.
FOR /F "delims=*" %%u IN ('TYPE Users.txt') DO (
    ECHO Checking: %%u
      DSQuery User -samID "%%u" |Find /I "CN=" >NUL
    IF NOT ErrorLevel 1 (DSQuery User -samID "%%u" >>UsersDN.txt
      )ELSE (ECHO *ERROR* %%u Not Found in Active Directory.)
)
SET /A TRec=0
SET /A PRec=0
FOR /F %%u IN ('TYPE Users.txt') DO (SET /A TRec+=1)
FOR /F %%u IN ('TYPE UsersDN.txt') DO (SET /A PRec+=1)
ECHO. &ECHO '!PRec!' out of '!TRec!' accounts will be processed... &ECHO.

:: FETCHING USER INFORMATION
ECHO. &ECHO Fetching User Information...
SET Fields=sAMAccountName name description mail physicalDeliveryOfficeName info
ECHO =======================================>>DAccInfo.txt
FOR /F "delims=*" %%u IN ('TYPE UsersDN.txt') DO (
      SET /A Counter=1
      FOR /F "Tokens=2* Delims=:" %%a IN ('DSQuery * %%u -Attr !Fields! -L') DO ((
            IF "!Counter!"=="1" ECHO  NT Login ID: %%a
            IF "!Counter!"=="2" ECHO    Full Name: %%a
            IF "!Counter!"=="3" ECHO  Employee ID: %%a
            IF "!Counter!"=="4" ECHO        Email: %%a
            IF "!Counter!"=="5" ECHO      Seat No: %%a
            IF "!Counter!"=="6" ECHO Machine Name: %%a)>>DAccInfo.txt
            SET /A Counter+=1)
            ECHO.>>DAccInfo.txt
            ECHO Manager: >>DAccInfo.txt
            DSQuery * %%u -Attr manager -L>TmpVar.txt
            FOR /F "delims=*" %%x IN ('TYPE TmpVar.txt') DO (
                        DSGet User "%%x" -samid -c 2>NUL |FIND /V "dsget" |FIND /V "samid" >>DAccInfo.txt)
            ECHO.>>DAccInfo.txt
            ECHO Direct Reports: >>DAccInfo.txt
            DSQuery * %%u -Attr directReports -L>TmpVar.txt
            FOR /F "delims=*" %%x IN ('TYPE TmpVar.txt') DO (
                        DSGet User "%%x" -samid -c 2>NUL |FIND /V "dsget" |FIND /V "samid" >>DAccInfo.txt)
            ECHO.>>DAccInfo.txt
            ECHO Group Membership: >>DAccInfo.txt
            DSQuery * %%u -Attr memberOf -L>TmpVar.txt
            FOR /F "delims=*" %%x IN ('TYPE TmpVar.txt') DO (
                        DSGet Group "%%x" -samid -c 2>NUL |FIND /V "dsget" |FIND /V "samid" >>DAccInfo.txt)
            ECHO =======================================>>DAccInfo.txt)
)

:: DISABLE USERS,  CHANGE PASSWORD, DATE DESCRIPTION
ECHO. &ECHO Disabling Users, Changing Description and Password...
FOR /F "Tokens=2-4 Delims=/ " %%a IN ('Date /T') DO SET CDate=%%a/%%b/%%c
FOR /F "delims=*" %%u IN ('TYPE UsersDN.txt') Do (
      DSMod User %%u -pwd "!NewPassword!" -desc "!CDate!" -disabled Yes)

:: REMOVING USER GROUPS
ECHO. &ECHO Removing User Groups...
FOR /F "delims=*" %%u IN ('TYPE UsersDN.txt') DO (
      DSQuery * %%u -Attr memberOf -L >UserGroups.txt
      FOR /F "delims=*" %%g IN ('TYPE UserGroups.txt') DO (DSMod Group "%%g" -RmMbr %%u)
)

:: CLEARING DIRECT REPORTS
ECHO. &ECHO Clearing Direct Reports...
FOR /F "delims=*" %%u IN ('TYPE UsersDN.txt') DO (
      DSQuery * %%u -Attr directReports -L >>DirectReports.txt)
FOR /F "delims=*" %%u IN ('TYPE DirectReports.txt') DO ((
      ECHO DN: %%u
      ECHO changetype: modify
      ECHO replace: manager
      ECHO manager: %%u
      ECHO -
      ECHO.
      ECHO DN: %%u
      ECHO changetype: modify
      ECHO delete: manager
      ECHO -
      ECHO.)>>DirectReports.ldf)      
IF EXIST DirectReports.ldf LDIFDE -I -K -F DirectReports.ldf

:: CLEARING FIELDS
ECHO. &ECHO Clearing Fields...
(      
      ECHO initials
      ECHO Title
      ECHO department
      ECHO company
      ECHO physicalDeliveryOfficeName
      ECHO telephoneNumber
      ECHO mobile
      ECHO info
      ECHO homePhone
      ECHO facsimileTelephoneNumber
      ECHO pager
      ECHO ipPhone
      ECHO wWWHomePage
      ECHO streetAddress
      ECHO postOfficeBox
      ECHO l
      ECHO St
      ECHO postalCode
      ECHO c
      ECHO userWorkstations
        ECHO profilePath
      ECHO scriptPath
      ECHO homeDirectory
      ECHO homeDrive)>Fields.txt

FOR /F "delims=*" %%u IN ('TYPE UsersDN.txt') Do (
      FOR /F %%f IN ('TYPE Fields.txt') DO ((
            ECHO DN: %%~u
            ECHO changetype: modify
            ECHO replace: %%f
            ECHO %%f: -
            ECHO -
            ECHO.
            ECHO DN: %%~u
            ECHO changetype: modify
            ECHO delete: %%f
            ECHO -
            ECHO.)>>Fields.ldf)
            (
            ECHO DN: %%~u
            ECHO changetype: modify
            ECHO replace: manager
            ECHO manager: %%~u
            ECHO -
            ECHO.
            ECHO DN: %%~u
            ECHO changetype: modify
            ECHO delete: manager
            ECHO -
            ECHO.
            ECHO DN: %%~u
            ECHO changetype: modify
            ECHO delete: logonHours
            ECHO -
            ECHO.)>>Fields.ldf)
)
IF EXIST Fields.ldf LDIFDE -I -K -F Fields.ldf

:: MOVING USERS TO DIFFERENT OU
ECHO. &ECHO Moving Users to Different OU...
FOR /F "delims=*" %%u IN ('TYPE UsersDN.txt') DO (
      DSMove %%u -NewParent %OUDN%)

:: SENDING EMAIL
ECHO. &ECHO Sending Email...
(   ECHO -server %SMTPSrv%
    ECHO -to %ToUser%
    ECHO -f  AccountInfo@mydomain.com
    ECHO -subject "Disabled Accounts Info."
    ECHO -bodyF DAccInfo.txt
    ECHO -timestamp
    ECHO -debug
    ECHO -overwritelog
    ECHO -Log %TMP%\BlatLog.txt
)>Blat.set
Blat -of Blat.set >NUL
Goto :ClearTempFiles

:ShowErr
ECHO "Users.txt" file does not exist or file is empty!
Goto EndScript

:ClearTempFiles
ECHO. &ECHO Clearing Temporary Files...
IF EXIST UsersDN.txt DEL /F /Q UsersDN.txt
IF EXIST DirectReports.txt DEL /F /Q DirectReports.txt
IF EXIST DirectReports.ldf DEL /F /Q DirectReports.ldf
IF EXIST Fields.txt DEL /F /Q Fields.txt
IF EXIST Fields.ldf DEL /F /Q Fields.ldf
IF EXIST OUTmpVar.txt DEL /F /Q OUTmpVar.txt
IF EXIST UserGroups.txt DEL /F /Q UserGroups.txt
IF EXIST TmpVar.txt DEL /F /Q TmpVar.txt
IF EXIST Blat.set DEL /F /Q Blat.set

:EndScript
ECHO Exiting...
ENDLOCAL
EXIT /B 0
:: *** SCRIPT END ***
back to top




0
 
bsharathAuthor Commented:
Thanks a lot Farhan...

Any help with the other posts...
If you have time...


0
 
bsharathAuthor Commented:
Farhan a little help on this post.Please...
http://www.experts-exchange.com/Programming/Languages/Scripting/Q_23274061.html
Its the same disabling question with just 2 additions
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.