Script to remove multiple users from a secutiry group

Hi Experts,

I have a script at the moment that adds multiple users in to a particular security group, I was wondering if there was a way to do the same but in reverse, and thus removing multiple active directory users from a security group?

I have included a snippet of the code we use to add multiple users to a security group for your reference, to see what we do and how we do it.

Kindest Regards
Option Explicit
Dim objRootLDAP, objGroup, objUser, objOU
Dim strOU, strOU2, strGroup, strDNSDomain
Dim intCounter

strOU = "OU=Users,OU=01-Bournemouth,OU=Stores,OU=Beales Users,"
strOU2 = "OU=Security Groups,OU=Beales Groups,"
strGroup = "CN=Remote Users,"

Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

Set objGroup = GetObject("LDAP://"& strGroup _
& strOU2 & strDNSDomain)
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)

intCounter = 1
For Each objUser In objOU
   If objUser.Class = lcase("User") then
      intCounter = intcounter +1
   End If
WScript.Echo strGroup & " has " & intCounter & " new members"


Open in new window

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can just change




Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Krzysztof PytkoSenior Active Directory EngineerCommented:
I would rather use for that Microsoft DS Tools or Quest PowerShell module for AD. It's much easier in use if you're not a VBScript expert ;)
If you're interested, please let me knwo. I will prepare a syntax for you :)

Flight5497Author Commented:
Ah that is brilliant mate, thank you very much it was that simple :P now I feel suitably silly :)

I would also like to ask while I am here another problem I had with the above script just a second ago is that when I tell it to add all users in the OU to a group and it finds a user that is already in the group it falls over and does not carry on with the users that are not in the group.

Is there someway of amending it to allow for this?
Sure.  Just change this:

Open in new window

to this:
      On Error Resume Next
      If Err.Number = 0 Then
            WScript.Echo "User added successfully."
            WScript.Echo "User was not added. Error " & Err.Number & ": " & Err.Description
      End If
      On Error GoTo 0

Open in new window

You can comment out the WScript.Echo statements if you don't them to display.


It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.