Script to remove multiple users from a secutiry group

Posted on 2011-10-05
Last Modified: 2012-05-12
Hi Experts,

I have a script at the moment that adds multiple users in to a particular security group, I was wondering if there was a way to do the same but in reverse, and thus removing multiple active directory users from a security group?

I have included a snippet of the code we use to add multiple users to a security group for your reference, to see what we do and how we do it.

Kindest Regards
Option Explicit
Dim objRootLDAP, objGroup, objUser, objOU
Dim strOU, strOU2, strGroup, strDNSDomain
Dim intCounter

strOU = "OU=Users,OU=01-Bournemouth,OU=Stores,OU=Beales Users,"
strOU2 = "OU=Security Groups,OU=Beales Groups,"
strGroup = "CN=Remote Users,"

Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

Set objGroup = GetObject("LDAP://"& strGroup _
& strOU2 & strDNSDomain)
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)

intCounter = 1
For Each objUser In objOU
   If objUser.Class = lcase("User") then
      intCounter = intcounter +1
   End If
WScript.Echo strGroup & " has " & intCounter & " new members"


Open in new window

Question by:Flight5497
    LVL 65

    Accepted Solution

    You can just change



    LVL 39

    Expert Comment

    by:Krzysztof Pytko
    I would rather use for that Microsoft DS Tools or Quest PowerShell module for AD. It's much easier in use if you're not a VBScript expert ;)
    If you're interested, please let me knwo. I will prepare a syntax for you :)

    LVL 1

    Author Comment

    Ah that is brilliant mate, thank you very much it was that simple :P now I feel suitably silly :)

    I would also like to ask while I am here another problem I had with the above script just a second ago is that when I tell it to add all users in the OU to a group and it finds a user that is already in the group it falls over and does not carry on with the users that are not in the group.

    Is there someway of amending it to allow for this?
    LVL 65

    Assisted Solution

    Sure.  Just change this:

    Open in new window

    to this:
          On Error Resume Next
          If Err.Number = 0 Then
                WScript.Echo "User added successfully."
                WScript.Echo "User was not added. Error " & Err.Number & ": " & Err.Description
          End If
          On Error GoTo 0

    Open in new window

    You can comment out the WScript.Echo statements if you don't them to display.



    Featured Post

    Why spend so long doing email signature updates?

    Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

    Join & Write a Comment

    On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
    If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    26 Experts available now in Live!

    Get 1:1 Help Now