  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 290
  • Last Modified:

VB Script Needed to cleanup a security group

I have a list of user account names and a specific security group, and I would like to see if someone has a script that will remove only the users in a specific text file?
0
seaninman
1 Solution
 
TheGorby Commented:
I could do this using AutoIT instead of VB, if you're interested.

If so, how is the text file organized? One user per line, or comma separated?
0
 
seaninman (Author) Commented:
I'm not familiar with AutoIT, but the text file is one user per line.
0
 
TheGorby Commented:
AutoIT is a simplified type of code that allows you to compile scripts into exes that can be run on any Windows computer. You would need to download and install AutoIT (http://www.autoitscript.com/site/autoit/downloads/) on any computer, copy the code below into the SciTE editor that comes with it, and press F7 to compile it into an exe.

This code below works if your user accounts are in the default Users OU, and the security group is in the root OU. If your setup is different and you need me to change it, send me your OU structure. You can use fake names like OU1, OU2, etc. that you can change later if you want.
#include <File.au3>

Dim $sOU,$sGroup,$sUser,$sDNSDomain
Dim $oRootLDAP,$oGroup,$oUser
Dim $aList

$sTextfile="C:\UserTextFile.txt"
$sOU="CN=Users,"
$sGroup="CN=Name of Security Group,"
$oRootLDAP=ObjGet("LDAP://RootDSE")
$sDNSDomain=$oRootLDAP.Get("DefaultNamingContext")
$oGroup=ObjGet("LDAP://"& $sGroup & $sDNSDomain)

_FileReadToArray($sTextfile,$aList)

For $i = 1 To $aList[0]
	$aList[$i]=StringStripWS($aList[$i],3)
Next

For $i = 1 To $aList[0]
	$sUser="CN=" & $aList[$i] & ","
	$oUser=ObjGet("LDAP://"& $sUser & $sOU & $sDNSDomain)
	If @error Then
		MsgBox(0,"Error","Could not find user """ & $aList[$i] & """ in the specified OU.")
	Else
		$oGroup.remove($oUser.ADsPath)
	EndIf
Next


0
 
morpheios Commented:
It's simple

Dim objFSO
Dim objReadFile
Dim strContents
Dim objGroup
Dim objUser
Dim strLine

Const ADS_PROPERTY_DELETE = 4 

Const UFile = "users.txt"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objReadFile = objFSO.OpenTextFile(UFile, 1)
strContents = Split(objReadFile.ReadAll,vbNewline) 

Set objGroup = GetObject("LDAP://CN=Test Group,OU=Users Test,DC=RUSIMPORT,dc=int")
For Each objUser In objGroup.Members
    For Each strLine In strContents
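      ' Logins are case-insensitive in AD; also ignore stray whitespace from the file
      If StrComp(Trim(strLine), objUser.sAMAccountName, vbTextCompare) = 0 Then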
        Wscript.Echo objUser.sAMAccountName
        objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(objUser.distinguishedName)
        objGroup.SetInfo
      End if 
    Next
Next


users.txt must contain the users' logins.
0
 
morpheios Commented:
Change CN=Test Group,OU=Users Test,DC=RUSIMPORT,dc=int to your group name, OU name, and domain name
0
 
morpheios Commented:
More universal script:
Dim objFSO
Dim objReadFile
Dim strContents
Dim objGroup
Dim objUser
Dim strLine

Const ADS_PROPERTY_DELETE = 4 

Const UFile = "users.txt"
Const SGroup = "Test Group"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objReadFile = objFSO.OpenTextFile(UFile, 1)
strContents = Split(objReadFile.ReadAll,vbNewline) 

Set objGroup = GetObject(GetDN(SGroup))
For Each objUser In objGroup.Members
    For Each strLine In strContents
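      ' Logins are case-insensitive in AD; also ignore stray whitespace from the file
      If StrComp(Trim(strLine), objUser.sAMAccountName, vbTextCompare) = 0 Then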
        objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(objUser.distinguishedName)
        objGroup.SetInfo
      End if 
    Next
Next

Function GetDN(sGroup)
    Set rootDSE=GetObject("LDAP://RootDSE")
    DomainContainer = rootDSE.Get("defaultNamingContext")

    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADSDSOObject"
    conn.Open "ADs Provider"

    ldapStrUsers = "<GC://" & DomainContainer & _
    ">;(&(&(& (cn=" & sGroup & _
    ") (| (&(objectCategory=*)(objectClass=*)) ))));adspath;subtree"

    Set rs1 = conn.Execute(ldapStrUsers)

    While Not rs1.EOF
          Set FoundObject = GetObject (rs1.Fields(0).Value)
          GetDN = "LDAP://" & FoundObject.distinguishedName
          rs1.MoveNext
    Wend

    Set rs1=Nothing
    Set conn = Nothing
    Set rootDSE = Nothing
End Function


No need to write the OU and domain name.
0
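
The same cleanup on a machine with the ActiveDirectory PowerShell module, written so the change can be previewed and leaves an audit trail. This is an added example, not code posted by anyone in this thread; the group name, file names and log columns are placeholders chosen for illustration.

```powershell
# Added example: dry-run-first removal of listed accounts from one AD group.
# Assumptions (not from the thread): the RSAT ActiveDirectory module is installed;
# 'Test Group', users.txt and removal-log.csv are placeholder names.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupName = 'Test Group',
    [string]$UserFile  = '.\users.txt',
    [string]$LogFile   = '.\removal-log.csv'
)
Import-Module ActiveDirectory -ErrorAction Stop

# Resolve the group once (sAMAccountName, DN, GUID or SID); stop if it is not found.
$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

# Direct user members only, keyed by login (hashtable keys are case-insensitive).
$members = @{}
Get-ADGroupMember -Identity $group | Where-Object objectClass -eq 'user' |
    ForEach-Object { $members[$_.SamAccountName] = $_ }

# One login per line: trim whitespace, skip blank lines, drop duplicates.
$names = Get-Content -Path $UserFile | ForEach-Object { $_.Trim() } |
    Where-Object { $_ } | Sort-Object -Unique

$results = foreach ($name in $names) {
    $status = 'NotAMember'
    if ($members.ContainsKey($name)) {
        $status = 'Skipped'   # stays 'Skipped' under -WhatIf or a declined prompt
        if ($PSCmdlet.ShouldProcess("$name in $($group.Name)", 'Remove group member')) {
            try {
                Remove-ADGroupMember -Identity $group -Members $members[$name] `
                    -Confirm:$false -ErrorAction Stop
                $status = 'Removed'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }
    }
    [pscustomobject]@{
        Time = (Get-Date).ToString('s'); Group = $group.DistinguishedName
        User = $name; Status = $status; RunBy = $env:USERNAME
    }
}
# Write the audit log even during a dry run, so the preview itself is recorded.
$results | Export-Csv -Path $LogFile -NoTypeInformation -Append -WhatIf:$false
$results | Format-Table User, Status -AutoSize
```

Run it with `-WhatIf` first to review which accounts would be removed, then without it to apply the change.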
