I am trying to clean up the remnants of these accounts from all the workstations (I do not want to assume that they were all in the admin group; it may be a db2 local group on the machine). So I want something that will recognize that the account no longer exists. The code snippet would be fine if there was a way to have it search through all local groups (not just Administrators), and the environment is too large to try and find out exactly what groups are on which machines.
Is there a way to query AD for valid accounts and delete invalid ones?
Is it OK to search for a partial SID ("S-1-") as below?
Thanks for the help.
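Domain = WScript.Arguments.Item(0)
Server = WScript.Arguments.Item(1)
' Bind to the local Administrators group on the target machine
Set objAdministrators = GetObject("WinNT://" & Domain & "/" & Server & "/Administrators,group")
Set Administrators = objAdministrators.Members
For Each Admin In Administrators
    ' A member whose account no longer resolves is listed by its raw SID
    If Mid(Admin.Name, 1, 4) = "S-1-" Then
        WScript.Echo "Removing " & Admin.Name
        objAdministrators.Remove Admin.ADsPath
    End If
Next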
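An added example, not part of the original post: one way to run the same check across every local group on a machine instead of only Administrators. The `/remove` switch and all variable names are assumptions; the script matches a complete SID string rather than the bare "S-1-" prefix and only reports unless `/remove` is given.

```vbscript
' Added example (not the poster's code).
' Assumed usage: cscript //nologo <script>.vbs <computer> [/remove]
Option Explicit
Dim server, doRemove, computer, group, member, sidPattern, orphans, path

server = WScript.Arguments.Item(0)
doRemove = False
If WScript.Arguments.Count > 1 Then
    doRemove = (LCase(WScript.Arguments.Item(1)) = "/remove")
End If

' Match a whole SID string, so an account whose name merely starts
' with "S-1-" is not mistaken for an unresolved member.
Set sidPattern = New RegExp
sidPattern.Pattern = "^S-1-\d+(-\d+)+$"
sidPattern.IgnoreCase = True

' Bind to the machine and restrict enumeration to local groups.
Set computer = GetObject("WinNT://" & server & ",computer")
computer.Filter = Array("group")

For Each group In computer
    ' Collect first, remove afterwards, so the member list is not
    ' modified while it is being enumerated.
    Set orphans = CreateObject("Scripting.Dictionary")
    For Each member In group.Members
        If sidPattern.Test(member.Name) Then
            orphans(member.ADsPath) = member.Name
        End If
    Next

    For Each path In orphans.Keys
        WScript.Echo server & "\" & group.Name & ": unresolved " & orphans(path)
        If doRemove Then
            group.Remove path
            WScript.Echo "  removed " & orphans(path)
        End If
    Next
Next
```

A member can also show up as a raw SID when the workstation cannot reach a domain controller or a trusted domain at query time, so review the report-only output before running with `/remove`.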