Solved

Remove groups from users different groups from different users. File as this.

Posted on 2008-10-03
11
218 Views
Last Modified: 2012-05-05
Hi,

Remove groups from users different groups from different users. File as this.

I have a txt file as
Username,Group1,Group3
Username1,Groups3,Group4
Username2,Group6,Group1

So when script run has to query the first name and remove just these groups next to the users.
So each user may have different groups for each. Any way of doing this.

Regards
Sharath
0
Comment
Question by:bsharath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 5

Expert Comment

by:si_shamil
ID: 22639019
Are you have an Active Directory environment or you just want it for Local computer?
0
 
LVL 11

Author Comment

by:bsharath
ID: 22639760
Its an Active directory environment
0
 
LVL 5

Expert Comment

by:si_shamil
ID: 22640586
Use this script, save it to "DeleteFromGroup.vbs"
Note: Runt it from command line!!!

Usage: cscript //NoLogo DeleteFromGroup.vbs --usersfile <file_path>
Example: cscript //NoLogo DeleteFromGroup.vbs --usersfile users.txt
'===============================================================================
' Script Name  : DeleteFromGroup.vbs
' Usage Syntax : cscript.exe //NoLogo DeleteFromGroup.vbs --usersfile <file_path>
' Author       : Alex Simenduev, PlanetIT.WS (http://www.planetit.ws)
' Version      : 1.0.1
' LastModified : 5/10/2008
' Description  : Removes users from groups by parsing a users text file.
'                Users file syntax: <USERNAME>.<GROUP[,GROUP[,...]]>
'                Example:
'                         user1, group1, group2
'                         user4, group8, group2, group3, group10
'===============================================================================
Option Explicit
 
' Global Variables
Dim gsUsage : gsUsage = "Usage: " & Wscript.ScriptName & " --usersfile <file_path>"
Dim gsFile, goFile, gsLine, gaSplitedLine, gsUser, gsGroup, gsUserDN, gsGroupDN
 
' Parse Command Line arguments
If Wscript.Arguments.Count = 2 Then
    If Lcase(Wscript.Arguments.Item(0)) = "--usersfile" Then
        gsFile = Wscript.Arguments.Item(1)
    Else
        Wscript.Echo gsUsage
        Wscript.Quit    
    End If
Else
    Wscript.Echo gsUsage
    Wscript.Quit
End If
 
Wscript.Echo "Opening Users file ('" & gsFile & "')..."
If openUserFile(gsFile) Then
    While Not goFile.AtEndOfStream
        gsLine = goFile.ReadLine
        
        ' Skip empty lines
        If gsLine <> "" Then
            gaSplitedLine = Split(gsLine, ",")
            If Ubound(gaSplitedLine) = 0 Then
                Wscript.Echo "Line '" & gsLine & "' cannot be parsed, skipping..."
            Else
                gsUser = Trim(gaSplitedLine(0))
                gsUserDN = GetUserDN(gsUser)
                
                Dim i : For i = 1 to Ubound(gaSplitedLine)
                    gsGroup = Trim(gaSplitedLine(i))
                    gsGroupDN = GetGroupDN(gsGroup)
                    
                    If gsUserDN <> "" AND gsGroupDN <> "" Then
                        Wscript.StdOut.Write "Removing user '" & gsUser & "' from '" & gsGroup & "' group..."
                        If removeUserFromGroup(gsUserDN, gsGroupDN) Then Wscript.Echo "Sucsess."
                    End If
                Next
            End If
        End If
    Wend
    
    goFile.Close
End If
 
'===============================================================================
' Function Name  : openUserFile(pFileName)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Opens a file with user/group info
'===============================================================================
Function openUserFile(pFileName) : openUserFile = False : On Error Resume Next 
    Dim objFSO  : Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    If objFSO.FileExists(pFileName) Then
        Set goFile = objFSO.OpenTextFile(pFileName)
        If Err.Number = 0 Then openUserFile = True
    Else
        Wscript.Echo "File '" & pFileName & "' not exists."
    End If
    
    Set objFile = Nothing
    Set objFSO = Nothing
End Function
 
'===============================================================================
' Function Name  : removeUserFromGroup(pUserDN, pGroupDN)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Removes a given user from given group
'===============================================================================
Function removeUserFromGroup(pUserDN, pGroupDN) : removeUserFromGroup = False : On Error Resume Next
    Dim objGroup    : Set objUser = GetObject("LDAP://" & pUserDN)
    Dim objUser     : Set objGroup = GetObject("LDAP://" & pGroupDN)    
 
    If objGroup.IsMember(objUser.AdsPath) Then
        objGroup.Remove(objUser.AdsPath)
        If Err.Number = 0 Then removeUserFromGroup = True
    Else
        Wscript.Echo "Failed (not member of '" & objGroup.cn & "')."
    End If
 
    Set objGroup = Nothing
    Set objUser = Nothing
End Function
 
'===============================================================================
' Function Name  : getUserDN(pUserName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given user name
'===============================================================================
Function getUserDN(pUserName) : getUserDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")
 
    Dim strBase     : strBase	= "<LDAP://" & strDomainDN & ">;"    
    Dim strFilter   : strFilter	= "(&(objectCategory=person)(objectClass=user)(sAMAccountname=" & pUserName & "));"
    Dim strAttrs    : strAttrs	= "distinguishedName;"
    Dim strScope    : strScope	= "subtree"
 
    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"
 
    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "User name lookup for '" &  pUserName & "' failed, error number: " & Err.Number
        Exit Function
    End If
    
    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "User '" & pUserName & "' not found."
    Else
        objRS.MoveFirst
        getUserDN = objRS.Fields("distinguishedName")
    End If
 
    Set objRS = Nothing 
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function
 
'===============================================================================
' Function Name  : getGroupDN(pUserName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given group name
'===============================================================================
Function getGroupDN(pGroupName) : getGroupDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")
 
    Dim strBase     : strBase	= "<LDAP://" & strDomainDN & ">;"    
    Dim strFilter   : strFilter	= "(&(objectCategory=group)(cn=" & pGroupName & "));"
    Dim strAttrs    : strAttrs	= "distinguishedName;"
    Dim strScope    : strScope	= "subtree"
 
    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"
 
    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "Group name lookup for '" &  pGroupName & "' failed, error number: " & Err.Number
        Exit Function
    End If
    
    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "Group '" & pGroupName & "' not found."
    Else
        objRS.MoveFirst
        getGroupDN = objRS.Fields("distinguishedName")
    End If
 
    Set objRS = Nothing 
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function

Open in new window

0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 
LVL 11

Author Comment

by:bsharath
ID: 22640612
Thank U... Will this work for groups that are on the root Domain?
0
 
LVL 5

Expert Comment

by:si_shamil
ID: 22640635
No it will work for domain that running user belongs to.
0
 
LVL 11

Author Comment

by:bsharath
ID: 22640664
Can you add the case to remove the groups no matter which domain they are.

I have users who are a member of a group in the local domain and the root domain too....
0
 
LVL 5

Expert Comment

by:si_shamil
ID: 22640701
The script is not an issue, it can be changed to work with all Forest easily. The issue is your txt file.
If you have group in local domain with same name that in root doamin, then it is impossible to know what group you meant when specified in the TXT file.

0
 
LVL 11

Author Comment

by:bsharath
ID: 22640724
It works perfect on a local Domain....
Thank U
Can you add the functionality to remove groups even if the user is a member in the root domain
0
 
LVL 11

Author Comment

by:bsharath
ID: 22640729
No i will no way have that senario.... The groups are unique.
Only case we need to think is if the groups name is "India" then it has to remove just "India" not groups as "India1" or "1_India"

Only if found exact match then remove...
0
 
LVL 5

Accepted Solution

by:
si_shamil earned 500 total points
ID: 22640755
OK, up to you, if you do have similar names across domains, then script may remove wrong group from the user.

Regarding the group name, it will search only for exact name, so don't worry

Here is a changed script.
'===============================================================================
' Script Name  : DeleteFromGroup.vbs
' Usage Syntax : cscript.exe //NoLogo DeleteFromGroup.vbs --usersfile <file_path>
' Author       : Alex Simenduev, PlanetIT.WS (http://www.planetit.ws)
' Version      : 1.0.1
' LastModified : 5/10/2008
' Description  : Removes users from groups by parsing a users text file.
'                Users file syntax: <USERNAME>.<GROUP[,GROUP[,...]]>
'                Example:
'                         user1, group1, group2
'                         user4, group8, group2, group3, group10
'===============================================================================
Option Explicit
 
' Global Variables
Dim gsUsage : gsUsage = "Usage: " & Wscript.ScriptName & " --usersfile <file_path>"
Dim gsFile, goFile, gsLine, gaSplitedLine, gsUser, gsGroup, gsUserDN, gsGroupDN
 
' Parse Command Line arguments
If Wscript.Arguments.Count = 2 Then
    If Lcase(Wscript.Arguments.Item(0)) = "--usersfile" Then
        gsFile = Wscript.Arguments.Item(1)
    Else
        Wscript.Echo gsUsage
        Wscript.Quit    
    End If
Else
    Wscript.Echo gsUsage
    Wscript.Quit
End If
 
Wscript.Echo "Opening Users file ('" & gsFile & "')..."
If openUserFile(gsFile) Then
    While Not goFile.AtEndOfStream
        gsLine = goFile.ReadLine
        
        ' Skip empty lines
        If gsLine <> "" Then
            gaSplitedLine = Split(gsLine, ",")
            If Ubound(gaSplitedLine) = 0 Then
                Wscript.Echo "Line '" & gsLine & "' cannot be parsed, skipping..."
            Else
                gsUser = Trim(gaSplitedLine(0))
                gsUserDN = GetUserDN(gsUser)
                
                Dim i : For i = 1 to Ubound(gaSplitedLine)
                    gsGroup = Trim(gaSplitedLine(i))
                    gsGroupDN = GetGroupDN(gsGroup)
                    
                    If gsUserDN <> "" AND gsGroupDN <> "" Then
                        Wscript.StdOut.Write "Removing user '" & gsUser & "' from '" & gsGroup & "' group..."
                        If removeUserFromGroup(gsUserDN, gsGroupDN) Then Wscript.Echo "Sucsess."
                    End If
                Next
            End If
        End If
    Wend
    
    goFile.Close
End If
 
'===============================================================================
' Function Name  : openUserFile(pFileName)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Opens a file with user/group info
'===============================================================================
Function openUserFile(pFileName) : openUserFile = False : On Error Resume Next 
    Dim objFSO  : Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    If objFSO.FileExists(pFileName) Then
        Set goFile = objFSO.OpenTextFile(pFileName)
        If Err.Number = 0 Then openUserFile = True
    Else
        Wscript.Echo "File '" & pFileName & "' not exists."
    End If
    
    Set objFile = Nothing
    Set objFSO = Nothing
End Function
 
'===============================================================================
' Function Name  : removeUserFromGroup(pUserDN, pGroupDN)
' Return value   : Boolean (True or False)
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Removes a given user from given group
'===============================================================================
Function removeUserFromGroup(pUserDN, pGroupDN) : removeUserFromGroup = False : On Error Resume Next
    Dim objGroup    : Set objUser = GetObject("LDAP://" & pUserDN)
    Dim objUser     : Set objGroup = GetObject("LDAP://" & pGroupDN)    
 
    If objGroup.IsMember(objUser.AdsPath) Then
        objGroup.Remove(objUser.AdsPath)
        If Err.Number = 0 Then removeUserFromGroup = True
    Else
        Wscript.Echo "Failed (not member of '" & objGroup.cn & "')."
    End If
 
    Set objGroup = Nothing
    Set objUser = Nothing
End Function
 
'===============================================================================
' Function Name  : getUserDN(pUserName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given user name
'===============================================================================
Function getUserDN(pUserName) : getUserDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")
 
    Dim strBase     : strBase	= "<LDAP://" & strDomainDN & ">;"    
    Dim strFilter   : strFilter	= "(&(objectCategory=person)(objectClass=user)(sAMAccountname=" & pUserName & "));"
    Dim strAttrs    : strAttrs	= "distinguishedName;"
    Dim strScope    : strScope	= "subtree"
 
    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"
 
    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "User name lookup for '" &  pUserName & "' failed, error number: " & Err.Number
        Exit Function
    End If
    
    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "User '" & pUserName & "' not found."
    Else
        objRS.MoveFirst
        getUserDN = objRS.Fields("distinguishedName")
    End If
 
    Set objRS = Nothing 
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function
 
'===============================================================================
' Function Name  : getGroupDN(pUserName)
' Return value   : String of Distinguished Name
' Author         : Alex Simenduev, www.planetit.ws
' Date           : 04/10/2008
' Description    : Gets the Distinguished Name from the given group name
'===============================================================================
Function getGroupDN(pGroupName) : getGroupDN = "" : On Error Resume Next
    Dim objRootDSE  : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strDomainDN : strDomainDN = objRootDSE.Get("defaultNamingContext")
 
    Dim strBase     : strBase	= "<GC://" & strDomainDN & ">;"    
    Dim strFilter   : strFilter	= "(&(objectCategory=group)(cn=" & pGroupName & "));"
    Dim strAttrs    : strAttrs	= "distinguishedName;"
    Dim strScope    : strScope	= "subtree"
 
    Dim objConn     : Set objConn = CreateObject("ADODB.Connection")
    objConn.Open "Provider=ADsDSOObject;"
 
    Dim objRS       : Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
    If Err.Number <> 0 Then
        ' Query failed
        Wscript.Echo "Group name lookup for '" &  pGroupName & "' failed, error number: " & Err.Number
        Exit Function
    End If
    
    ' Query succeeded
    If objRS.RecordCount = 0 Then
        WScript.Echo "Group '" & pGroupName & "' not found."
    Else
        objRS.MoveFirst
        getGroupDN = objRS.Fields("distinguishedName")
    End If
 
    Set objRS = Nothing 
    Set objConn = Nothing
    Set objRootDSE = Nothing
End Function

Open in new window

0
 
LVL 11

Author Comment

by:bsharath
ID: 22640762
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question