• Status: Solved

When the script runs, it has to check all groups within an OU, then match the email address of each member with the others and remove the users if a match is found.

Hi,

When the script runs, it has to check all groups within an OU, then match the email address of each member with the others and remove the users if a match is found.
I have a few groups that will have a contact and a user account as members of the group, both with email addresses that will be the same. So I need help with a script that can check each group, see if there is a duplicate email address, and then remove the user, leaving the unique contact.

Record a report on the removals.
The group will have many other users also, so I need to be sure of removing just the users with the duplicate matching email.

Any help is of great use.

Regards
Sharath
0
bsharath
Asked:
 
exx1976Commented:
Ok, I didn't think what you were saying was possible.

I just went into AD to verify, and I tried to create a contact with the same SMTP address as my account, and AD says "a user with this email address already exists in the organization".


So how, exactly, did you create this problem in the first place??
0
 
bsharathAuthor Commented:
We are in the phase of Exchange migration. We use software called Priasoft that creates a contact in the source domain and then migrates the mailbox to the destination. Now I have the contacts and users added to each group.
The contact email address is as
smtp:emailaddress
Now I need to remove just the users that are duplicates of the contact.
0
 
exx1976Commented:
That's still not possible.  AD won't allow you to have a contact and a user with the same SMTP address.  Not even programmatically.

???
0
 
bsharathAuthor Commented:
:-)
Yes, when done manually, but this software, I don't know what it does internally, but it has created them.
0
 
exx1976Commented:
No, I just tried to do it programmatically and AD returned an error.


Please provide more information about your environment.  What version of Exchange are you coming off of, what are you going to, and also your AD layout.  Two separate forests?  Same forest/different domains?
0
 
bsharathAuthor Commented:
I have a root domain and 3 child domains.
The domain "Dev" is the one that has the contact and user account, both with the same email IDs.
Sorry, I just realized one thing:
the user email address is changed to
Sharath.yui.plc.com@HasBeenMigratedTo.Exchange2007
and the contact email address is
Sharath.yui@plc.com

Now in this case we need to match the
user account up to the last . before plc
and the contact up to the @, and if a match is found, remove the user.

Please see if you can get any logic in scripting...
0
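An added example, not written by any poster in this thread: the address match described in the post above, as a dry run over constructed member lists that changes nothing in AD. It assumes every migrated user address is the contact address with "@" replaced by "." followed by the @HasBeenMigratedTo.Exchange2007 suffix (generalized from the single pair shown); the function names and the "displayName|address" input format are hypothetical.

```vbscript
Option Explicit

' Lower-case an address and drop an optional "smtp:" prefix.
Function CleanAddress(addr)
    Dim s
    s = LCase(Trim(addr))
    If Left(s, 5) = "smtp:" Then s = Mid(s, 6)
    CleanAddress = s
End Function

' Contact "sharath.yui@plc.com" -> key "sharath.yui.plc.com".
Function ContactKey(addr)
    ContactKey = Replace(CleanAddress(addr), "@", ".")
End Function

' Migrated user "sharath.yui.plc.com@HasBeenMigratedTo.Exchange2007"
' -> key "sharath.yui.plc.com". Returns "" for any address without the
' migration suffix, so an unmigrated user can never match a contact.
Function MigratedUserKey(addr)
    Const SUFFIX = "@hasbeenmigratedto.exchange2007"
    Dim s
    s = CleanAddress(addr)
    MigratedUserKey = ""
    If Len(s) > Len(SUFFIX) And Right(s, Len(SUFFIX)) = SUFFIX Then
        MigratedUserKey = Left(s, Len(s) - Len(SUFFIX))
    End If
End Function

' Returns a dictionary: user address -> display name of the matching contact.
' contacts / users are arrays of "displayName|address" strings
' (a format constructed for this example only).
Function UsersToRemove(contacts, users)
    Dim seen, result, entry, parts, key
    Set seen = CreateObject("Scripting.Dictionary")
    Set result = CreateObject("Scripting.Dictionary")
    For Each entry In contacts
        parts = Split(entry, "|")
        seen(ContactKey(parts(1))) = parts(0)
    Next
    For Each entry In users
        parts = Split(entry, "|")
        key = MigratedUserKey(parts(1))
        If key <> "" Then
            If seen.Exists(key) Then result(parts(1)) = seen(key)
        End If
    Next
    Set UsersToRemove = result
End Function

' Constructed sample membership of one group. The second user shares a
' display name with a contact but has a different, unmigrated address.
Dim contacts, users, hits, addr
contacts = Array("Sharath Yui|smtp:Sharath.yui@plc.com", _
                 "Ann Lee|smtp:ann.lee@plc.com")
users = Array("Sharath Yui|Sharath.yui.plc.com@HasBeenMigratedTo.Exchange2007", _
              "Ann Lee|ann.lee@dev.plc.com", _
              "Bob Ray|bob.ray@plc.com")

Set hits = UsersToRemove(contacts, users)
For Each addr In hits.Keys
    WScript.Echo "Would remove " & addr & " (duplicate of contact " & hits(addr) & ")"
Next
```

Run it with cscript; only the migrated Sharath Yui account is reported, while the same-named but unrelated "Ann Lee" user is left in the group.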
 
bsharathAuthor Commented:
Or if we can match the exact display name, then it would be great,
as the display names for the user and contact are the same.
First name and last name are the display name.
But the names that are seen by us in ADUC are as below.
When the contact is opened, the display name is shown.
Capture.JPG
0
 
exx1976Commented:
Ok, the displayname attribute of both the contact and the user are the same though?

So like when you look in the OAB, you see the same person listed twice, once as a contact, and once as a user?

And you want to remove the user.

Am I understanding correctly?
0
 
bsharathAuthor Commented:
Yes, it's the same
Yes
Yes
Yes you are right
0
 
bsharathAuthor Commented:
any luck with this?
0
 
exx1976Commented:
Patience, patience..  I was working on your other question, and I get a break for lunch, too.  :)

This code checks each user account against each contact that's on a DL, and if it finds a user and a contact that have the same displayname, it removes the user from the group.
Set oFS = CreateObject("Scripting.FileSystemObject")
Set logfile = oFS.CreateTextFile("c:\log.txt")
Set oOU = GetObject("LDAP://OU=corporate groups,DC=alliance,DC=local")
Dim UsersArr()
Dim ContactsArr()
For Each group In oOU
	i = 0
	j = 0
	ReDim UsersArr(i)
	ReDim ContactsArr(j)
	If group.class = "group" Then
		For Each member In group.members
			If member.class = "user" Then
				UsersArr(i) = member.adspath
				i = i + 1
				ReDim Preserve UsersArr(i)
			End If
			If member.class = "contact" Then
				ContactsArr(j) = member.adspath
				j = j + 1
				ReDim Preserve ContactsArr(j)
			End If
		Next
	End If
	If j > 0 And i > 0 Then
		For Each user In UsersArr
			Set oUser = GetObject(user)
			For Each contact In ContactsArr
				Set oContact = GetObject(contact)
				If oContact.displayName = oUser.displayName Then
					group.Remove user
					logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName)
				End If
			Next
		Next
	End If
Next
logfile.close


0
 
exx1976Commented:
My apologies - use this code instead.  The code above will work fine in most circumstances, but it COULD generate an error sometimes.  This one will work better.


Set oFS = CreateObject("Scripting.FileSystemObject")
Set logfile = oFS.CreateTextFile("c:\log.txt")
Set oOU = GetObject("LDAP://OU=corporate groups,DC=alliance,DC=local")
Dim UsersArr()
Dim ContactsArr()
For Each group In oOU
	i = 0
	j = 0
	ReDim UsersArr(i)
	ReDim ContactsArr(j)
	If group.class = "group" Then
		For Each member In group.members
			If member.class = "user" Then
				UsersArr(i) = member.adspath
				i = i + 1
				ReDim Preserve UsersArr(i)
			End If
			If member.class = "contact" Then
				ContactsArr(j) = member.adspath
				j = j + 1
				ReDim Preserve ContactsArr(j)
			End If
		Next
		If j > 0 And i > 0 Then
			For Each user In UsersArr
				Set oUser = GetObject(user)
				For Each contact In ContactsArr
					Set oContact = GetObject(contact)
					If oContact.displayName = oUser.displayName Then
						group.Remove user
						logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName)
					End If
				Next
			Next
		End If
	End If
Next
logfile.close


0
 
bsharathAuthor Commented:
I get this

---------------------------
Windows Script Host
---------------------------
Script:      D:\Remove_Membership.vbs
Line:      28
Char:      41
Error:      Invalid procedure call or argument: 'GetObject'
Code:      800A0005
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
exx1976Commented:
Try this.
Set oFS = CreateObject("Scripting.FileSystemObject")
Set logfile = oFS.CreateTextFile("c:\log.txt")
Set oOU = GetObject("LDAP://OU=corporate groups,DC=alliance,DC=local")
Dim UsersArr()
Dim ContactsArr()
For Each group In oOU
	i = 0
	j = 0
	ReDim UsersArr(i)
	ReDim ContactsArr(j)
	If group.class = "group" Then
		For Each member In group.members
			If member.class = "user" Then
				UsersArr(i) = member.adspath
				i = i + 1
				ReDim Preserve UsersArr(i)
			End If
			If member.class = "contact" Then
				ContactsArr(j) = member.adspath
				j = j + 1
				ReDim Preserve ContactsArr(j)
			End If
			If j > 0 And i > 0 Then
				For q = 0 To UBound(UsersArr)-1
					Set oUser = GetObject(UsersArr(q))
					For x = 0 To UBound(ContactsArr)-1
						Set oContact = GetObject(ContactsArr(x))
						If oContact.displayName = oUser.displayName Then
							group.Remove user
							logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName)
						End If
					Next
				Next
			End If
		Next
	End If
Next
logfile.close


0
 
bsharathAuthor Commented:
I get this
---------------------------
Windows Script Host
---------------------------
Script:      D:\Remove_Membership.vbs
Line:      29
Char:      57
Error:      Unspecified error
Code:      80004005
Source:       (null)

---------------------------
OK  
---------------------------
0
 
Chris DentPowerShell DeveloperCommented:

> group.Remove user

I would have thought that should be user.ADSPath, that's the expected argument for the Add / Remove methods on IADsGroup.

Chris
0
 
bsharathAuthor Commented:
Should it be

user.ADSPath

I get this

---------------------------
Windows Script Host
---------------------------
Script:      D:\Remove_Membership.vbs
Line:      30
Char:      1
Error:      Object required: 'user'
Code:      800A01A8
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
Chris DentPowerShell DeveloperCommented:

Make that:

group.Remove oUser.ADSPath.

Chris
0
 
exx1976Commented:
Man, another oversight.  LOL

oUser.adspath would work, but I should have changed it to

group.remove UsersArr(q)


Apologies..
0
 
Chris DentPowerShell DeveloperCommented:

Yes, that would be rather more appropriate :)

Chris
0
 
Chris DentPowerShell DeveloperCommented:

Er your method of referring to the value I mean :)

Chris
0
 
bsharathAuthor Commented:
I get this

---------------------------
Windows Script Host
---------------------------
Script:      D:\Remove_Membership.vbs
Line:      30
Char:      1
Error:      Wrong number of arguments or invalid property assignment: 'group.Remove'
Code:      800A01C2
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------

Will it work for distribution and security groups that are mail enabled?
0
 
bsharathAuthor Commented:
I get this Exx
---------------------------
Windows Script Host
---------------------------
Script:      D:\Remove_Membership.vbs
Line:      31
Char:      78
Error:      Expected end of statement
Code:      800A0401
Source:       Microsoft VBScript compilation error

---------------------------
OK  
---------------------------
0
 
Chris DentPowerShell DeveloperCommented:

Yes it will.

I suggest you post back the version of the script you're using. Line 30 is the logging line in the snippet above.

Chris
0
 
exx1976Commented:
Yes, please post up what you are currently running.
0
 
exx1976Commented:
Ahh, darn it..  I see what's going on.  one minute..
0
 
bsharathAuthor Commented:
I have this
Set oFS = CreateObject("Scripting.FileSystemObject") 
Set logfile = oFS.CreateTextFile("D:\log1.txt") 
Set oOU = GetObject("LDAP://OU=Security Groups,OU=DC=Group,DC=co,DC=uk") 
Dim UsersArr() 
Dim ContactsArr() 
For Each group In oOU 
        i = 0 
        j = 0 
        ReDim UsersArr(i) 
        ReDim ContactsArr(j) 
        If group.class = "group" Then 
                For Each member In group.members 
                        If member.class = "user" Then 
                                UsersArr(i) = member.adspath 
                                i = i + 1 
                                ReDim Preserve UsersArr(i) 
                        End If 
                        If member.class = "contact" Then 
                                ContactsArr(j) = member.adspath 
                                j = j + 1 
                                ReDim Preserve ContactsArr(j) 
                        End If 
                        If j > 0 And i > 0 Then 
                                For q = 0 To UBound(UsersArr)-1 
                                        Set oUser = GetObject(UsersArr(q)) 
                                        For x = 0 To UBound(ContactsArr)-1 
                                                Set oContact = GetObject(ContactsArr(x)) 
                                                If oContact.displayName = oUser.displayName Then 
                                                        'group.ADSPath
'group.Remove.oUser.ADSPath
group.remove UsersArr(q)                                                  
   logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName) 
                                                End If 
                                        Next 
                                Next 
                        End If 
                Next 
        End If 
Next 
logfile.close


0
 
exx1976Commented:
Use this.  My apologies, it's been quite some time since I've done work with groups.  The remove method wants the DN, not the ADSPath.


-exx
Set oFS = CreateObject("Scripting.FileSystemObject")
Set logfile = oFS.CreateTextFile("c:\log.txt")
Set oOU = GetObject("LDAP://OU=corporate groups,DC=alliance,DC=local")
Dim UsersArr()
Dim ContactsArr()
For Each group In oOU
	i = 0
	j = 0
	ReDim UsersArr(i)
	ReDim ContactsArr(j)
	If group.class = "group" Then
		For Each member In group.members
			If member.class = "user" Then
				UsersArr(i) = member.adspath
				i = i + 1
				ReDim Preserve UsersArr(i)
			End If
			If member.class = "contact" Then
				ContactsArr(j) = member.adspath
				j = j + 1
				ReDim Preserve ContactsArr(j)
			End If
			If j > 0 And i > 0 Then
				For q = 0 To UBound(UsersArr)-1
					Set oUser = GetObject(UsersArr(q))
					For x = 0 To UBound(ContactsArr)-1
						Set oContact = GetObject(ContactsArr(x))
						If oContact.displayName = oUser.displayName Then
							group.Remove oUser.distinguishedName
							logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName)
						End If
					Next
				Next
			End If
		Next
	End If
Next
logfile.close


0
 
bsharathAuthor Commented:
I get this

---------------------------
Windows Script Host
---------------------------
Script:      D:\Remove_Membership.vbs
Line:      29
Char:      57
Error:      0x80005000
Code:      80005000
Source:       (null)

---------------------------
OK  
---------------------------
0
 
Chris DentPowerShell DeveloperCommented:
I'm sure ADsPath is correct you know, it's described here:

http://msdn.microsoft.com/en-us/library/aa706034%28VS.85%29.aspx

Chris
0
 
exx1976Commented:
Check the log file please.  What is the last line in there?
0
 
bsharathAuthor Commented:
Log file is empty
0
 
exx1976Commented:
That all refers to the WinNT provider, Chris.  ?

However, I just created a dummy group and tried to test here.

It is, in fact, ADSPath that it wants (stupid book - page 431 of William R Stanek's book is incorrect!  FAIL!).

HOWEVER - the errors I got were identical to those that the OP got - using ADSPath I got permission denied (not running the code with a DA account), and running it with DN got me an 80005000(null).

So - OP - use the code below, and then solve for your permissions problem..
Set oFS = CreateObject("Scripting.FileSystemObject")
Set logfile = oFS.CreateTextFile("c:\log.txt")
Set oOU = GetObject("LDAP://OU=corporate groups,DC=alliance,DC=local")
Dim UsersArr()
Dim ContactsArr()
For Each group In oOU
	i = 0
	j = 0
	ReDim UsersArr(i)
	ReDim ContactsArr(j)
	If group.class = "group" Then
		For Each member In group.members
			If member.class = "user" Then
				UsersArr(i) = member.adspath
				i = i + 1
				ReDim Preserve UsersArr(i)
			End If
			If member.class = "contact" Then
				ContactsArr(j) = member.adspath
				j = j + 1
				ReDim Preserve ContactsArr(j)
			End If
			If j > 0 And i > 0 Then
				For q = 0 To UBound(UsersArr)-1
					Set oUser = GetObject(UsersArr(q))
					For x = 0 To UBound(ContactsArr)-1
						Set oContact = GetObject(ContactsArr(x))
						If oContact.displayName = oUser.displayName Then
							group.Remove UsersArr(q)
							logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName)
						End If
					Next
				Next
			End If
		Next
	End If
Next
logfile.close


0
 
Chris DentPowerShell DeveloperCommented:
> That all refers to the WinNT provider, Chris.  ?

Yep, it does. Same interface (ADSI), different provider :)

You can apply the same interface documentation for users, IADsUser, which means you can do this:

WScript.Echo oUser.FirstName
WScript.Echo oUser.OfficeLocations

Even though we know full well those aren't the attribute names in AD. Fun, isn't it :)

IADsUser: http://msdn.microsoft.com/en-us/library/aa746340%28VS.85%29.aspx

> stupid book

Hmm that can't help...

Chris
0
 
exx1976Commented:
OP - haven't heard from you in a bit.  I'm guessing it's working?
0
 
bsharathAuthor Commented:
Sorry for the delay
I get this now

---------------------------
Windows Script Host
---------------------------
Script:      D:\Remove_Membership.vbs
Line:      29
Char:      57
Error:      The server is unwilling to process the request.
Code:      80072035
Source:       (null)

---------------------------
OK  
---------------------------
Log file has this
Removed Bhsha rthi from Aus_Quality
0
 
exx1976Commented:
The code is working then.  Entries are only written to the logfile AFTER they are successfully removed from the group.

It's starting to sound like you either have A) permissions issues, which I mentioned above, or B) users that have had their primary group reassigned.  Novice administrators like to screw with this, but unless you're working with POSIX stuff there's really no need.

There are two other possibilities, but they are both very remote.  One of them is that the DC you are processing this code against got overloaded, and did exactly what the error said:  Refused to process the request.   The other unlikely option is that you are having problems with the group and the user being in different domains.


Either which way, the ball is squarely in your court now.  Hopefully you get it resolved.


HTH,
exx

PS - http://www.lmgtfy.com/?q=vbs+%2Bad+%2Bgroup+%2Bremove+%2B80072035   The top result was most helpful...
0
 
bsharathAuthor Commented:
But...
It removes 1 user and then errors. Each time I run it, it works for just 1 user.

I just ran some of my other scripts that add or remove users. Against the same OU and domain they work fine.
0
 
exx1976Commented:
What?

That would have been helpful information to have before...

Either way, it would appear I am suffering a horrible case of foot-in-mouth..

Give this a try..  *sigh*

If j > 0 And i > 0 Then 
                                For q = 0 To UBound(UsersArr)-1 
                                        Set oUser = GetObject(UsersArr(q)) 
                                        For x = 0 To UBound(ContactsArr)-1 
                                                Set oContact = GetObject(ContactsArr(x)) 
                                                If oContact.displayName = oUser.displayName Then 
                                                        group.Remove UsersArr(q) 
                                                        logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName) 
                                                End If 
                                        Next 
                                Next 
                        End If 


0
 
exx1976Commented:
oops

Here's ALL of the code  LOL


' Log file that records every removal
Set oFS = CreateObject("Scripting.FileSystemObject")
Set logfile = oFS.CreateTextFile("c:\log.txt")
Set oOU = GetObject("LDAP://OU=corporate groups,DC=alliance,DC=local")
Dim UsersArr()
Dim ContactsArr()
For Each group In oOU
        i = 0
        j = 0
        ReDim UsersArr(i)
        ReDim ContactsArr(j)
        If group.class = "group" Then
                ' Pass 1: collect the ADsPath of every user and contact in the group
                For Each member In group.members
                        If member.class = "user" Then
                                UsersArr(i) = member.adspath
                                i = i + 1
                                ReDim Preserve UsersArr(i)
                        End If
                        If member.class = "contact" Then
                                ContactsArr(j) = member.adspath
                                j = j + 1
                                ReDim Preserve ContactsArr(j)
                        End If
                Next
                ' Pass 2, only after the member loop has finished: compare display names.
                ' Both arrays end with one unused slot, hence UBound(...)-1.
                If j > 0 And i > 0 Then
                        For q = 0 To UBound(UsersArr)-1
                                Set oUser = GetObject(UsersArr(q))
                                For x = 0 To UBound(ContactsArr)-1
                                        Set oContact = GetObject(ContactsArr(x))
                                        If oContact.displayName = oUser.displayName Then
                                                group.Remove UsersArr(q)
                                                logfile.writeline("Removed " & oUser.displayName & " from " & group.displayName)
                                                ' Stop at the first matching contact so the user is removed only once
                                                Exit For
                                        End If
                                Next
                        Next
                End If
        End If
Next
logfile.close


0
 
bsharathAuthor Commented:
Thanks a lot works perfect... :-)
Chris thank you too...
Any help on this
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_25631574.html?fromWizard=true
Urgent need. I have migrated a few 100 users now and it removed the X500; I need a way to add it.
0
