Solved

Remove groups from users different groups from different users. File as this.

Posted on 2008-10-03
11
212 Views
Last Modified: 2012-05-05
Hi,

Remove groups from users different groups from different users. File as this.

I have a txt file as
Username,Group1,Group3
Username1,Groups3,Group4
Username2,Group6,Group1

So when the script runs, it has to query the first name and remove just the groups next to that user.
Each user may have different groups. Is there any way of doing this?

Regards
Sharath
0
Comment
Question by:bsharath
11 Comments
 
LVL 5

Expert Comment

by:si_shamil
Do you have an Active Directory environment, or do you just want it for the local computer?
0
 
LVL 11

Author Comment

by:bsharath
It's an Active Directory environment.
0
 
LVL 5

Expert Comment

by:si_shamil
Use this script, save it to "DeleteFromGroup.vbs"
Note: Run it from the command line!!!

Usage: cscript //NoLogo DeleteFromGroup.vbs --usersfile <file_path>
Example: cscript //NoLogo DeleteFromGroup.vbs --usersfile users.txt
'===============================================================================
' Script Name  : DeleteFromGroup.vbs
' Usage Syntax : cscript.exe //NoLogo DeleteFromGroup.vbs --usersfile <file_path>
' Author       : Alex Simenduev, PlanetIT.WS (http://www.planetit.ws)
' Version      : 1.0.1
' LastModified : 5/10/2008
' Description  : Removes users from groups by parsing a users text file.
'                Users file syntax: <USERNAME>,<GROUP[,GROUP[,...]]>
'                Example:
'                         user1, group1, group2
'                         user4, group8, group2, group3, group10
'===============================================================================

Option Explicit

' Global Variables
Dim gsUsage : gsUsage = "Usage: " & Wscript.ScriptName & " --usersfile <file_path>"
Dim gsFile, goFile, gsLine, gaSplitedLine, gsUser, gsGroup, gsUserDN, gsGroupDN

' Parse Command Line arguments
If Wscript.Arguments.Count = 2 Then
    If Lcase(Wscript.Arguments.Item(0)) = "--usersfile" Then
        gsFile = Wscript.Arguments.Item(1)
    Else
        Wscript.Echo gsUsage
        Wscript.Quit
    End If
Else
    Wscript.Echo gsUsage
    Wscript.Quit
End If

Wscript.Echo "Opening Users file ('" & gsFile & "')..."
If openUserFile(gsFile) Then
    While Not goFile.AtEndOfStream
        gsLine = goFile.ReadLine

        ' Skip empty lines
        If gsLine <> "" Then
            gaSplitedLine = Split(gsLine, ",")
            If Ubound(gaSplitedLine) = 0 Then
                Wscript.Echo "Line '" & gsLine & "' cannot be parsed, skipping..."
            Else
                ' First field is the user name, the remaining fields are groups
                gsUser = Trim(gaSplitedLine(0))
                gsUserDN = GetUserDN(gsUser)

                Dim i : For i = 1 to Ubound(gaSplitedLine)
                    gsGroup = Trim(gaSplitedLine(i))
                    gsGroupDN = GetGroupDN(gsGroup)

                    If gsUserDN <> "" AND gsGroupDN <> "" Then
                        Wscript.StdOut.Write "Removing user '" & gsUser & "' from '" & gsGroup & "' group..."
                        If removeUserFromGroup(gsUserDN, gsGroupDN) Then Wscript.Echo "Success."
                    End If
                Next
            End If
        End If
    Wend

    goFile.Close
End If

'===============================================================================
' Function Name  : openUserFile(pFileName)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Opens a file with user/group info
'===============================================================================
Function openUserFile(pFileName) : openUserFile = False : On Error Resume Next
    Dim objFSO  : Set objFSO = CreateObject("Scripting.FileSystemObject")

    If objFSO.FileExists(pFileName) Then
        ' goFile is the global file handle read by the main loop
        Set goFile = objFSO.OpenTextFile(pFileName)
        If Err.Number = 0 Then openUserFile = True
    Else
        Wscript.Echo "File '" & pFileName & "' does not exist."
    End If

    Set objFSO = Nothing
End Function

'===============================================================================
' Function Name  : removeUserFromGroup(pUserDN, pGroupDN)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Removes a given user from given group
'===============================================================================
Function removeUserFromGroup(pUserDN, pGroupDN) : removeUserFromGroup = False : On Error Resume Next
    Dim objUser     : Set objUser = GetObject("LDAP://" & pUserDN)
    Dim objGroup    : Set objGroup = GetObject("LDAP://" & pGroupDN)

    If objGroup.IsMember(objUser.AdsPath) Then
        objGroup.Remove(objUser.AdsPath)
        If Err.Number = 0 Then
            removeUserFromGroup = True
        Else
            ' Report the failure instead of returning False silently
            Wscript.Echo "Failed, error number: " & Err.Number
        End If
    Else
        Wscript.Echo "Failed (not member of '" & objGroup.cn & "')."
    End If

    Set objGroup = Nothing
    Set objUser = Nothing
End Function

'===============================================================================
' Function Name  : getUserDN(pUserName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given user name
'===============================================================================
Function getUserDN(pUserName) : getUserDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")

    Dim strBase     : strBase   = "<LDAP://" & strDomainDN & ">;"
    Dim strFilter   : strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountname=" & pUserName & "));"
    Dim strAttrs    : strAttrs  = "distinguishedName;"
    Dim strScope    : strScope  = "subtree"

    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"

    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "User name lookup for '" &  pUserName & "' failed, error number: " & Err.Number
        Exit Function
    End If

    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "User '" & pUserName & "' not found."
    Else
        objRS.MoveFirst
        getUserDN = objRS.Fields("distinguishedName")
    End If

    Set objRS = Nothing
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function

'===============================================================================
' Function Name  : getGroupDN(pGroupName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given group name
'===============================================================================
Function getGroupDN(pGroupName) : getGroupDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")

    Dim strBase     : strBase   = "<LDAP://" & strDomainDN & ">;"
    Dim strFilter   : strFilter = "(&(objectCategory=group)(cn=" & pGroupName & "));"
    Dim strAttrs    : strAttrs  = "distinguishedName;"
    Dim strScope    : strScope  = "subtree"

    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"

    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "Group name lookup for '" &  pGroupName & "' failed, error number: " & Err.Number
        Exit Function
    End If

    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "Group '" & pGroupName & "' not found."
    Else
        objRS.MoveFirst
        getGroupDN = objRS.Fields("distinguishedName")
    End If

    Set objRS = Nothing
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function

0
 
LVL 11

Author Comment

by:bsharath
Thank you... Will this work for groups that are on the root domain?
0
 
LVL 5

Expert Comment

by:si_shamil
No, it will work for the domain that the running user belongs to.
0
 
LVL 11

Author Comment

by:bsharath
Can you add the case to remove the groups no matter which domain they are in?

I have users who are members of a group in the local domain and in the root domain too...
0
 
LVL 5

Expert Comment

by:si_shamil
The script is not the issue; it can easily be changed to work with the whole forest. The issue is your TXT file.
If you have a group in the local domain with the same name as one in the root domain, then it is impossible to know which group you meant when it is specified in the TXT file.

0
 
LVL 11

Author Comment

by:bsharath
It works perfectly on a local domain...
Thank you.
Can you add the functionality to remove groups even if the user is a member in the root domain?
0
 
LVL 11

Author Comment

by:bsharath
No, I will in no way have that scenario... The groups are unique.
The only case we need to think about is: if the group's name is "India", then it has to remove just "India", not groups such as "India1" or "1_India".

Only if an exact match is found, then remove...
0
 
LVL 5

Accepted Solution

by:
si_shamil earned 500 total points
OK, up to you. If you do have similar names across domains, then the script may remove the wrong group from the user.

Regarding the group name, it will search only for the exact name, so don't worry.

Here is the changed script.
'===============================================================================
' Script Name  : DeleteFromGroup.vbs
' Usage Syntax : cscript.exe //NoLogo DeleteFromGroup.vbs --usersfile <file_path>
' Author       : Alex Simenduev, PlanetIT.WS (http://www.planetit.ws)
' Version      : 1.0.1
' LastModified : 5/10/2008
' Description  : Removes users from groups by parsing a users text file.
'                Users file syntax: <USERNAME>,<GROUP[,GROUP[,...]]>
'                Example:
'                         user1, group1, group2
'                         user4, group8, group2, group3, group10
'===============================================================================

Option Explicit

' Global Variables
Dim gsUsage : gsUsage = "Usage: " & Wscript.ScriptName & " --usersfile <file_path>"
Dim gsFile, goFile, gsLine, gaSplitedLine, gsUser, gsGroup, gsUserDN, gsGroupDN

' Parse Command Line arguments
If Wscript.Arguments.Count = 2 Then
    If Lcase(Wscript.Arguments.Item(0)) = "--usersfile" Then
        gsFile = Wscript.Arguments.Item(1)
    Else
        Wscript.Echo gsUsage
        Wscript.Quit
    End If
Else
    Wscript.Echo gsUsage
    Wscript.Quit
End If

Wscript.Echo "Opening Users file ('" & gsFile & "')..."
If openUserFile(gsFile) Then
    While Not goFile.AtEndOfStream
        gsLine = goFile.ReadLine

        ' Skip empty lines
        If gsLine <> "" Then
            gaSplitedLine = Split(gsLine, ",")
            If Ubound(gaSplitedLine) = 0 Then
                Wscript.Echo "Line '" & gsLine & "' cannot be parsed, skipping..."
            Else
                ' First field is the user name, the remaining fields are groups
                gsUser = Trim(gaSplitedLine(0))
                gsUserDN = GetUserDN(gsUser)

                Dim i : For i = 1 to Ubound(gaSplitedLine)
                    gsGroup = Trim(gaSplitedLine(i))
                    gsGroupDN = GetGroupDN(gsGroup)

                    If gsUserDN <> "" AND gsGroupDN <> "" Then
                        Wscript.StdOut.Write "Removing user '" & gsUser & "' from '" & gsGroup & "' group..."
                        If removeUserFromGroup(gsUserDN, gsGroupDN) Then Wscript.Echo "Success."
                    End If
                Next
            End If
        End If
    Wend

    goFile.Close
End If

'===============================================================================
' Function Name  : openUserFile(pFileName)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Opens a file with user/group info
'===============================================================================
Function openUserFile(pFileName) : openUserFile = False : On Error Resume Next
    Dim objFSO  : Set objFSO = CreateObject("Scripting.FileSystemObject")

    If objFSO.FileExists(pFileName) Then
        ' goFile is the global file handle read by the main loop
        Set goFile = objFSO.OpenTextFile(pFileName)
        If Err.Number = 0 Then openUserFile = True
    Else
        Wscript.Echo "File '" & pFileName & "' does not exist."
    End If

    Set objFSO = Nothing
End Function

'===============================================================================
' Function Name  : removeUserFromGroup(pUserDN, pGroupDN)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Removes a given user from given group
'===============================================================================
Function removeUserFromGroup(pUserDN, pGroupDN) : removeUserFromGroup = False : On Error Resume Next
    Dim objUser     : Set objUser = GetObject("LDAP://" & pUserDN)
    Dim objGroup    : Set objGroup = GetObject("LDAP://" & pGroupDN)

    If objGroup.IsMember(objUser.AdsPath) Then
        objGroup.Remove(objUser.AdsPath)
        If Err.Number = 0 Then
            removeUserFromGroup = True
        Else
            ' Report the failure instead of returning False silently
            Wscript.Echo "Failed, error number: " & Err.Number
        End If
    Else
        Wscript.Echo "Failed (not member of '" & objGroup.cn & "')."
    End If

    Set objGroup = Nothing
    Set objUser = Nothing
End Function

'===============================================================================
' Function Name  : getUserDN(pUserName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given user name
'===============================================================================
Function getUserDN(pUserName) : getUserDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")

    Dim strBase     : strBase   = "<LDAP://" & strDomainDN & ">;"
    Dim strFilter   : strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountname=" & pUserName & "));"
    Dim strAttrs    : strAttrs  = "distinguishedName;"
    Dim strScope    : strScope  = "subtree"

    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"

    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "User name lookup for '" &  pUserName & "' failed, error number: " & Err.Number
        Exit Function
    End If

    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "User '" & pUserName & "' not found."
    Else
        objRS.MoveFirst
        getUserDN = objRS.Fields("distinguishedName")
    End If

    Set objRS = Nothing
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function

'===============================================================================
' Function Name  : getGroupDN(pGroupName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given group name
'===============================================================================
Function getGroupDN(pGroupName) : getGroupDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")

    ' Group lookup goes through the Global Catalog (GC://) in this version
    Dim strBase     : strBase   = "<GC://" & strDomainDN & ">;"
    Dim strFilter   : strFilter = "(&(objectCategory=group)(cn=" & pGroupName & "));"
    Dim strAttrs    : strAttrs  = "distinguishedName;"
    Dim strScope    : strScope  = "subtree"

    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"

    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "Group name lookup for '" &  pGroupName & "' failed, error number: " & Err.Number
        Exit Function
    End If

    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "Group '" & pGroupName & "' not found."
    Else
        objRS.MoveFirst
        getGroupDN = objRS.Fields("distinguishedName")
    End If

    Set objRS = Nothing
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function

0
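The exact-match and same-name concerns discussed above, as an added example that is not part of the original thread or of si_shamil's script: the `(cn=...)` filter only matches exactly while the name read from the TXT file contains no LDAP filter metacharacters, so this version escapes the name per RFC 4515 and refuses to act when the catalog returns more than one group. `EscapeLdapFilterValue` and `ResolveUniqueGroupDN` are hypothetical helper names, and the sample names at the end are constructed.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so the later escapes are not re-escaped.
Function EscapeLdapFilterValue(pValue)
    Dim s : s = pValue
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    ' ";" separates the parts of the ADO query string used by the script,
    ' so it is hex-escaped as well (any character may be written as \XX).
    s = Replace(s, ";", "\3b")
    EscapeLdapFilterValue = s
End Function

' Hypothetical helper: returns the group's DN only when exactly one group
' matches. pBaseDN is the search base the script already builds from RootDSE.
Function ResolveUniqueGroupDN(pGroupName, pBaseDN)
    ResolveUniqueGroupDN = ""
    Dim strQuery
    strQuery = "<GC://" & pBaseDN & ">;" & _
               "(&(objectCategory=group)(cn=" & EscapeLdapFilterValue(pGroupName) & "));" & _
               "distinguishedName;subtree"

    Dim objConn : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"
    Dim objRS : Set objRS = objConn.Execute(strQuery)

    ' Count matches by walking the recordset instead of taking the first row.
    Dim intCount, strDN : intCount = 0
    Do Until objRS.EOF
        intCount = intCount + 1
        strDN = objRS.Fields("distinguishedName").Value
        objRS.MoveNext
    Loop
    objRS.Close
    objConn.Close

    If intCount = 1 Then
        ResolveUniqueGroupDN = strDN
    ElseIf intCount = 0 Then
        WScript.Echo "Group '" & pGroupName & "' not found."
    Else
        WScript.Echo "Group '" & pGroupName & "' matches " & intCount & " groups, skipping."
    End If
End Function

' Constructed sample names: show the filter each one produces (runs offline).
Dim gsName
For Each gsName In Array("India", "India*", "Ops (EMEA)", "R\D")
    WScript.Echo gsName & " -> (cn=" & EscapeLdapFilterValue(gsName) & ")"
Next
```

With the escaping in place, a file line such as `user1,India*` looks for a group literally named `India*` instead of wildcard-matching `India1`, and a name containing parentheses no longer breaks the filter.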
 
LVL 11

Author Comment

by:bsharath
0
