Solved

Script to remove members from groups.

Posted on 2010-09-16
8
519 Views
Last Modified: 2012-05-10
Hi,

Script to remove members from groups.
I have a txt file as this

Groupname1;Ntlogin1,Ntlogin2,ntlogin3
Groupname2;Ntlogin1,Ntlogin2,ntlogin3

When script run has to check each row group name and remove members. If any failures record it in a txt log file.

regards
Sharath
0
Comment
Question by:bsharath
  • 5
  • 3
8 Comments
 
LVL 42

Expert Comment

by:sedgwick
ID: 33689738
check it out.
the following cases will be logged:
1. group was not found
2. member if file is not member of the group
3. member was deleted from group
Const ADS_PROPERTY_DELETE = 4 
const SOURCE_FILE = "c:\temp\group_members.txt"
const LOG_FILE = "c:\temp\group_members.log"

Set objFSO = CreateObject("Scripting.FileSystemObject")
set objFile = objFSO.OpenTextFile(SOURCE_FILE, 1)
set objLog  = objFSO.CreateTextFile(LOG_FILE, 2)
groupMembersArr = Split(objFile.ReadAll, vbNewLine)
objFile.Close

for each line in groupMembersArr
	groupName = Split(Line, ";")(0)
	groupMembers = Split(Split(Line, ";")(1), ",")
	groupPath = getGroupPath(groupName)
	if groupPath = "" then
		objLog.WriteLine "Group " & groupName & " could not be found"
	else
		arrMemberOf = GetGroupMmebers(groupPath)
		for each delMember in groupMembers
			isMember=false
			for each member in arrMemberOf
				memberName = Split(Split(member, "CN=")(1), ",")(0)
				if memberName = delMember then
					isMember = true
					DeleteGroupMember groupPath, member
					objLog.WriteLine memberName & " was removed from group " & groupName
				end if
			next
			if isMember = false then
				objLog.WriteLine delMember & " is no member of group " & groupName
			end if
		next 
	end if
Next

objLog.Close
wscript.echo "Done"

function GetGroupMmebers(groupPath)
	Set objGroup = GetObject(groupPath)
	objGroup.GetInfo
	 
	arrMemberOf = objGroup.GetEx("member")
	GetGroupMmebers = arrMemberOf
end function

sub DeleteGroupMember(groupPath, member)
	Set objGroup = GetObject(groupPath) 
	 
	objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(member)
	 
	objGroup.SetInfo
end sub

function getNC
	set objRoot=getobject("LDAP://RootDSE")
	getNC=objRoot.get("defaultNamingContext")
end function

function getGroupPath(groupname)

	set cmd=createobject("ADODB.Command")
	set cn=createobject("ADODB.Connection")
	set rs=createobject("ADODB.Recordset")
	
	cn.open "Provider=ADsDSOObject;"
	
	cmd.commandtext = "SELECT adspath from 'LDAP://" & getnc & _
			  "' WHERE objectCategory = 'Group' and name = '" & groupname & "'"
	cmd.activeconnection = cn
	
	set rs = cmd.execute
	
	if rs.bof <> true and rs.eof<>true then
		getgrouppath=rs(0)
	else
		getgrouppath = ""
	end if
	cn.close

end function

Open in new window

0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33689740
2. member IN file is not member of the group
0
 
LVL 11

Author Comment

by:bsharath
ID: 33689776
I get as
sharathuy is no member of group Docking

I have this group i am sure and i am member but get the above
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33697299
the script is case sensitive so make sure the name of the member is exactly the same as displayed in active directory
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 11

Author Comment

by:bsharath
ID: 33698063
Thanks it works.
Can we remove the case issue. That would be difficult if i need to match the case for each name
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 33710486
i changed the script to so members applied with case-insensitive comparison
Const ADS_PROPERTY_DELETE = 4 
const SOURCE_FILE = "c:\temp\group_members.txt"
const LOG_FILE = "c:\temp\group_members.log"

Set objFSO = CreateObject("Scripting.FileSystemObject")
set objFile = objFSO.OpenTextFile(SOURCE_FILE, 1)
set objLog  = objFSO.CreateTextFile(LOG_FILE, 2)
groupMembersArr = Split(objFile.ReadAll, vbNewLine)
objFile.Close

for each line in groupMembersArr
	groupName = Split(Line, ";")(0)
	groupMembers = Split(Split(Line, ";")(1), ",")
	groupPath = getGroupPath(groupName)
	if groupPath = "" then
		objLog.WriteLine "Group " & groupName & " could not be found"
	else
		arrMemberOf = GetGroupMmebers(groupPath)
		for each delMember in groupMembers
			isMember=false
			for each member in arrMemberOf
				memberName = Split(Split(member, "CN=")(1), ",")(0)
				if UCase(memberName) = UCase(delMember) then
					isMember = true
					DeleteGroupMember groupPath, member
					objLog.WriteLine memberName & " was removed from group " & groupName
				end if
			next
			if isMember = false then
				objLog.WriteLine delMember & " is no member of group " & groupName
			end if
		next 
	end if
Next

objLog.Close
wscript.echo "Done"

function GetGroupMmebers(groupPath)
	Set objGroup = GetObject(groupPath)
	objGroup.GetInfo
	 
	arrMemberOf = objGroup.GetEx("member")
	GetGroupMmebers = arrMemberOf
end function

sub DeleteGroupMember(groupPath, member)
	Set objGroup = GetObject(groupPath) 
	 
	objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(member)
	 
	objGroup.SetInfo
end sub

function getNC
	set objRoot=getobject("LDAP://RootDSE")
	getNC=objRoot.get("defaultNamingContext")
end function

function getGroupPath(groupname)

	set cmd=createobject("ADODB.Command")
	set cn=createobject("ADODB.Connection")
	set rs=createobject("ADODB.Recordset")
	
	cn.open "Provider=ADsDSOObject;"
	
	cmd.commandtext = "SELECT adspath from 'LDAP://" & getnc & _
			  "' WHERE objectCategory = 'Group' and name = '" & groupname & "'"
	cmd.activeconnection = cn
	
	set rs = cmd.execute
	
	if rs.bof <> true and rs.eof<>true then
		getgrouppath=rs(0)
	else
		getgrouppath = ""
	end if
	cn.close

end function

Open in new window

0
 
LVL 11

Author Comment

by:bsharath
ID: 33710527
Thanks a lot works perfect
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33710558
do u have any open questions which i assist you with, but didn't provide you with a solution yet?
i lost track of all the questions i'm participating in.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now