?
Solved

Batch script to delete all users from domain admin group but administrators

Posted on 2014-11-19
3
Medium Priority
?
852 Views
Last Modified: 2015-01-14
Hi Guys,

What I wanna achieve is same as mentioned here - http://blogs.technet.com/b/heyscriptingguy/archive/2005/12/12/how-can-i-delete-everyone-except-the-administrator-and-the-domain-admins-group-from-the-local-administrators-group.aspx but how do I do it from a batch script.

I know the command to add administrators is
net localgroup administrators /add "domain\user", but I want a script that will delete all users from administrators group, even ones that are unknown and we dont want to use Group Policy for this.
0
Comment
Question by:manav08
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
NVIT earned 2000 total points
ID: 40453531
Put these into a .bat file.

Warning: I recommend testing this on a test group first. When you know it works, do it on the Domain Admins group.

Note: To actually run it, remove the ECHO in front of net group /delete

@echo off
if exist DomainAdmins.txt del DomainAdmins.txt
for /F "tokens=1,2,3,4,5 delims==, " %C in ('dsquery group -name "Domain Admins" ^| dsget group -members ^| dsget user -samid') do echo %C>>DomainAdmins.txt
echo Deleting members of Domain Admins...

for /F %%A in (DomainAdmins.txt) do (call :DoIt %%A)
goto :EOF

:DoIt
if %1 equ samid goto :EOF
if %1 equ dsget goto :EOF
ECHO net group /delete /domain "%1"

Open in new window

0
 
LVL 25

Expert Comment

by:NVIT
ID: 40549927
Hi manav08,
Did the solution help you? If so, I'd appreciate you closing the question appropriately.
0
 
LVL 11

Author Closing Comment

by:manav08
ID: 40550631
Apologies for my laziness in closing this question.
I havent tested but believe this is solution we were after
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question