[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1116
  • Last Modified:

Find all disabled users direct reportees and remove them.

Hi,

I want a way to find all disabled users if they have direct reporters and remove them from the managers stste.

I have this that displays the users with direct reportees names.

DSQuery * -Filter "(&(objectCategory=user)(samAccountName=*)(directReports=*)(userAccountControl:1.2.840.113556.1.4.803:=2))" >C:\DisabledUsersWithDirectReports.

Can this be edited to remove them.,

Regards
Sharath
0
bsharath
Asked:
bsharath
  • 5
  • 3
1 Solution
 
ll_jaxnCommented:
use the filesystemobject to read the file one line at a time and execute the delete

Or instead of doing a Query, to a delete with the same fileter
0
 
Farhan KaziSystems EngineerCommented:
Hi Sharath,
Check following script if this works for you.

::  *** SCRIPT START  ***
@ECHO OFF
IF EXIST RemoveMgr.ldf DEL /F /Q RemoveMgr.ldf
DSQuery * -Filter "(&(sAMAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2)(directReports=*))" -Attr directReports -L -Limit 0 >RemoveMgr.txt
FOR /F "delims=*" %%u IN ('TYPE RemoveMgr.txt') DO (
    ECHO Processing: %%u
      (      ECHO DN: %%u
            ECHO changetype: modify
            ECHO delete: Manager
            ECHO -
            ECHO.)>>RemoveMgr.ldf)
IF EXIST RemoveMgr.ldf LDIFDE -I -K -F RemoveMgr.ldf
IF EXIST RemoveMgr.ldf DEL /F /Q RemoveMgr.ldf
IF EXIST RemoveMgr.txt DEL /F /Q RemoveMgr.txt
EXIT /B 0
:: *** SCRIPT END ***
0
 
bsharathAuthor Commented:
Farhan i think it works fine..But after it removes can i get a results file.On what has been removed...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
bsharathAuthor Commented:
Its working fine.It has removed all users who have managers that are disabled...Thanks...If a report at the end is possible it would be great
0
 
Farhan KaziSystems EngineerCommented:
What report should include?
0
 
bsharathAuthor Commented:
What all it has removed from direct reportees
0
 
Farhan KaziSystems EngineerCommented:
::  *** SCRIPT START  ***
@ECHO OFF
IF EXIST RemoveMgr.ldf DEL /F /Q RemoveMgr.ldf
IF EXIST RemoveMgrRpt.txt DEL /F /Q RemoveMgrRpt.txt
DSQuery * -Filter "(&(sAMAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2)(directReports=*))" -Attr directReports -L -Limit 0 >RemoveMgr.txt
FOR /F "delims=*" %%u IN ('TYPE RemoveMgr.txt') DO (
        ECHO Processing: %%u
      FOR /F "delims=*" %%m IN ('DSQuery * "%%u" -Attr Manager -L') DO (
      ECHO Removing: %%m From: %%u >>RemoveMgrRpt.txt)
          (   ECHO DN: %%u
            ECHO changetype: modify
            ECHO delete: Manager
            ECHO -
            ECHO.)>>RemoveMgr.ldf)
ECHO.
IF EXIST RemoveMgr.ldf LDIFDE -I -K -F RemoveMgr.ldf
IF EXIST RemoveMgr.ldf DEL /F /Q RemoveMgr.ldf
IF EXIST RemoveMgr.txt DEL /F /Q RemoveMgr.txt
EXIT /B 0
:: *** SCRIPT END ***
0
 
bsharathAuthor Commented:
Thanks Farhan....
0
 
bsharathAuthor Commented:
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now