Solved

How to remove group membership automatically?

Posted on 2009-07-07
Last Modified: 2012-05-07
Hello,

After disabling certain user accounts, I placed them in an OU called "Decommissioned". I need to run a script whose main function is to remove any group (security or dist.) that these accounts are members of. I need the script to run against a specific OU.

Appreciate your fast response in this.

Thanks

Yassein
0
Question by:amyassein
6 Comments
 
LVL 6

Expert Comment

by:Krisdeep
ID: 24793400
This site might help; maybe add this to a scheduled task, maybe once a day, or add a timer in the VBS script.

http://www.phwinfo.com/forum/ms-win-server-scripting/355024-script-ad-remove-all-members-groups-ou.html
0
 
LVL 1

Author Comment

by:amyassein
ID: 24795831
Kris,

Thank you... However, this forum discusses a script that removes members from a group that are in a specific OU. For example, users in the Marketing OU to be removed from the Marketing group.

What I ask for is the complete opposite: my requirement is a script to remove the groups from the user accounts where they reside in an OU named Decommissioned, and each account in this OU is a member of different groups.

The goal from the beginning is that after disabling these user accounts, I also want to remove them from any groups since they are disabled. So I place them in a Decommissioned OU and then remove their groups as well.

Can I do that using a script?

Thanks

0
 
LVL 6

Accepted Solution

by:
Krisdeep earned 1000 total points
ID: 24812927
Credit to Richard Mueller [MVP]
I have tested this; can you confirm if it works for you? It removes all the groups except the default Domain Users group.

Option Explicit

Dim objOU, objUser, arrGroups, strGroup, objGroup
Dim objGroupList

' Bind to OU object.
Set objOU = GetObject("LDAP://ou=Test,dc=Cisco,dc=com")

' Filter on objects of class user.
objOU.Filter = Array("user")

' Create dictionary object of group objects.
Set objGroupList = CreateObject("Scripting.Dictionary")
objGroupList.CompareMode = vbTextCompare

' Enumerate users in OU.
For Each objUser In objOU
    ' Enumerate direct group memberships.
    ' Trap error if there are no groups.
    ' Primary group is not included.
    On Error Resume Next
    arrGroups = objUser.GetEx("memberOf")
    If (Err.Number = 0) Then
        On Error GoTo 0
        For Each strGroup In arrGroups
            ' Check if group already bound.
            If (objGroupList.Exists(strGroup) = False) Then
                ' Add group object to the dictionary object.
                Set objGroupList(strGroup) = GetObject("LDAP://" & strGroup)
            End If
            ' Remove user from the group.
            objGroupList(strGroup).Remove(objUser.AdsPath)
        Next
    End If
    On Error GoTo 0
Next
0
 
LVL 6

Expert Comment

by:Krisdeep
ID: 24812954
The only setting that you have to change above is
' Bind to OU object.
Set objOU = GetObject("LDAP://ou=Test,dc=Cisco,dc=com")

If you're not sure, let me know.
0
 
LVL 1

Author Comment

by:amyassein
ID: 24823128
Kris,

Thank you so much for the valuable information. Let me test your script and I will update you.

By the way, in the "Bind to OU Object", shall I have to put my "Decommissioned" OU?

Thanks
0
 
LVL 6

Expert Comment

by:Krisdeep
ID: 24828447
"By the way, in the "Bind to OU Object", shall I have to put my "Decommissioned" OU?"

Yes, that will be the location of your Decommissioned OU.
0
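A PowerShell take on the same cleanup, added here as an example; it is not part of the original thread or of the script credited above. It assumes the ActiveDirectory module (RSAT) is installed, uses a placeholder OU distinguished name and a hypothetical audit CSV path, skips accounts in the OU that are still enabled, and records every removal so memberships can be reconstructed later.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Placeholder DN (assumption): replace with the DN of your own Decommissioned OU.
    [string]$SearchBase = 'OU=Decommissioned,DC=example,DC=com',
    # Hypothetical path for the audit trail of removals.
    [string]$AuditCsv = '.\decommissioned-group-removals.csv'
)

# Only users directly in the OU. MemberOf holds direct memberships and,
# as in the VBScript above, never includes the primary group (Domain Users).
$users = Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope OneLevel -Properties MemberOf

foreach ($user in $users) {
    # Guard: an enabled account in this OU was probably moved here by mistake.
    if ($user.Enabled) {
        Write-Warning "Skipping enabled account $($user.SamAccountName)"
        continue
    }

    foreach ($groupDn in $user.MemberOf) {
        # Honors -WhatIf / -Confirm passed to the script.
        if (-not $PSCmdlet.ShouldProcess($groupDn, "Remove $($user.SamAccountName)")) {
            continue
        }

        try {
            Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false -ErrorAction Stop
            $result = 'Removed'
        }
        catch {
            # For example a group in another domain, or insufficient rights.
            $result = "Failed: $($_.Exception.Message)"
        }

        # One audit row per attempted removal (user DN, group DN, outcome).
        [pscustomobject]@{
            TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
            User    = $user.DistinguishedName
            Group   = $groupDn
            Result  = $result
        } | Export-Csv -Path $AuditCsv -NoTypeInformation -Append
    }
}
```

Running the script with `-WhatIf` first lists the memberships it would remove without changing anything.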


Question has a verified solution.
