Solved

Script to remove members from groups.

Posted on 2010-09-16
8
523 Views
Last Modified: 2012-05-10
Hi,

Script to remove members from groups.
I have a txt file as this

Groupname1;Ntlogin1,Ntlogin2,ntlogin3
Groupname2;Ntlogin1,Ntlogin2,ntlogin3

When script run has to check each row group name and remove members. If any failures record it in a txt log file.

regards
Sharath
0
Comment
Question by:bsharath
  • 5
  • 3
8 Comments
 
LVL 42

Expert Comment

by:sedgwick
ID: 33689738
check it out.
the following cases will be logged:
1. group was not found
2. member if file is not member of the group
3. member was deleted from group
Const ADS_PROPERTY_DELETE = 4 
const SOURCE_FILE = "c:\temp\group_members.txt"
const LOG_FILE = "c:\temp\group_members.log"

Set objFSO = CreateObject("Scripting.FileSystemObject")
set objFile = objFSO.OpenTextFile(SOURCE_FILE, 1)
set objLog  = objFSO.CreateTextFile(LOG_FILE, 2)
groupMembersArr = Split(objFile.ReadAll, vbNewLine)
objFile.Close

for each line in groupMembersArr
	groupName = Split(Line, ";")(0)
	groupMembers = Split(Split(Line, ";")(1), ",")
	groupPath = getGroupPath(groupName)
	if groupPath = "" then
		objLog.WriteLine "Group " & groupName & " could not be found"
	else
		arrMemberOf = GetGroupMmebers(groupPath)
		for each delMember in groupMembers
			isMember=false
			for each member in arrMemberOf
				memberName = Split(Split(member, "CN=")(1), ",")(0)
				if memberName = delMember then
					isMember = true
					DeleteGroupMember groupPath, member
					objLog.WriteLine memberName & " was removed from group " & groupName
				end if
			next
			if isMember = false then
				objLog.WriteLine delMember & " is no member of group " & groupName
			end if
		next 
	end if
Next

objLog.Close
wscript.echo "Done"

function GetGroupMmebers(groupPath)
	Set objGroup = GetObject(groupPath)
	objGroup.GetInfo
	 
	arrMemberOf = objGroup.GetEx("member")
	GetGroupMmebers = arrMemberOf
end function

sub DeleteGroupMember(groupPath, member)
	Set objGroup = GetObject(groupPath) 
	 
	objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(member)
	 
	objGroup.SetInfo
end sub

function getNC
	set objRoot=getobject("LDAP://RootDSE")
	getNC=objRoot.get("defaultNamingContext")
end function

function getGroupPath(groupname)

	set cmd=createobject("ADODB.Command")
	set cn=createobject("ADODB.Connection")
	set rs=createobject("ADODB.Recordset")
	
	cn.open "Provider=ADsDSOObject;"
	
	cmd.commandtext = "SELECT adspath from 'LDAP://" & getnc & _
			  "' WHERE objectCategory = 'Group' and name = '" & groupname & "'"
	cmd.activeconnection = cn
	
	set rs = cmd.execute
	
	if rs.bof <> true and rs.eof<>true then
		getgrouppath=rs(0)
	else
		getgrouppath = ""
	end if
	cn.close

end function

Open in new window

0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33689740
2. member IN file is not member of the group
0
 
LVL 11

Author Comment

by:bsharath
ID: 33689776
I get as
sharathuy is no member of group Docking

I have this group i am sure and i am member but get the above
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 42

Expert Comment

by:sedgwick
ID: 33697299
the script is case sensitive so make sure the name of the member is exactly the same as displayed in active directory
0
 
LVL 11

Author Comment

by:bsharath
ID: 33698063
Thanks it works.
Can we remove the case issue. That would be difficult if i need to match the case for each name
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 33710486
i changed the script to so members applied with case-insensitive comparison
Const ADS_PROPERTY_DELETE = 4 
const SOURCE_FILE = "c:\temp\group_members.txt"
const LOG_FILE = "c:\temp\group_members.log"

Set objFSO = CreateObject("Scripting.FileSystemObject")
set objFile = objFSO.OpenTextFile(SOURCE_FILE, 1)
set objLog  = objFSO.CreateTextFile(LOG_FILE, 2)
groupMembersArr = Split(objFile.ReadAll, vbNewLine)
objFile.Close

for each line in groupMembersArr
	groupName = Split(Line, ";")(0)
	groupMembers = Split(Split(Line, ";")(1), ",")
	groupPath = getGroupPath(groupName)
	if groupPath = "" then
		objLog.WriteLine "Group " & groupName & " could not be found"
	else
		arrMemberOf = GetGroupMmebers(groupPath)
		for each delMember in groupMembers
			isMember=false
			for each member in arrMemberOf
				memberName = Split(Split(member, "CN=")(1), ",")(0)
				if UCase(memberName) = UCase(delMember) then
					isMember = true
					DeleteGroupMember groupPath, member
					objLog.WriteLine memberName & " was removed from group " & groupName
				end if
			next
			if isMember = false then
				objLog.WriteLine delMember & " is no member of group " & groupName
			end if
		next 
	end if
Next

objLog.Close
wscript.echo "Done"

function GetGroupMmebers(groupPath)
	Set objGroup = GetObject(groupPath)
	objGroup.GetInfo
	 
	arrMemberOf = objGroup.GetEx("member")
	GetGroupMmebers = arrMemberOf
end function

sub DeleteGroupMember(groupPath, member)
	Set objGroup = GetObject(groupPath) 
	 
	objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(member)
	 
	objGroup.SetInfo
end sub

function getNC
	set objRoot=getobject("LDAP://RootDSE")
	getNC=objRoot.get("defaultNamingContext")
end function

function getGroupPath(groupname)

	set cmd=createobject("ADODB.Command")
	set cn=createobject("ADODB.Connection")
	set rs=createobject("ADODB.Recordset")
	
	cn.open "Provider=ADsDSOObject;"
	
	cmd.commandtext = "SELECT adspath from 'LDAP://" & getnc & _
			  "' WHERE objectCategory = 'Group' and name = '" & groupname & "'"
	cmd.activeconnection = cn
	
	set rs = cmd.execute
	
	if rs.bof <> true and rs.eof<>true then
		getgrouppath=rs(0)
	else
		getgrouppath = ""
	end if
	cn.close

end function

Open in new window

0
 
LVL 11

Author Comment

by:bsharath
ID: 33710527
Thanks a lot works perfect
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33710558
do u have any open questions which i assist you with, but didn't provide you with a solution yet?
i lost track of all the questions i'm participating in.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Script Host (WSH) has been part of Windows since Windows NT4. Windows Script Host provides architecture for building dynamic scripts that consist of a core object model, scripting hosts, and scripting engines. The key components of Window…
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question