Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Batch script to delete all users from domain admin group but administrators

Posted on 2014-11-19
3
Medium Priority
?
991 Views
Last Modified: 2015-01-14
Hi Guys,

What I wanna achieve is same as mentioned here - http://blogs.technet.com/b/heyscriptingguy/archive/2005/12/12/how-can-i-delete-everyone-except-the-administrator-and-the-domain-admins-group-from-the-local-administrators-group.aspx but how do I do it from a batch script.

I know the command to add administrators is
net localgroup administrators /add "domain\user", but I want a script that will delete all users from administrators group, even ones that are unknown and we dont want to use Group Policy for this.
0
Comment
Question by:manav08
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
NVIT earned 2000 total points
ID: 40453531
Put these into a .bat file.

Warning: I recommend testing this on a test group first. When you know it works, do it on the Domain Admins group.

Note: To actually run it, remove the ECHO in front of net group /delete

@echo off
if exist DomainAdmins.txt del DomainAdmins.txt
for /F "tokens=1,2,3,4,5 delims==, " %C in ('dsquery group -name "Domain Admins" ^| dsget group -members ^| dsget user -samid') do echo %C>>DomainAdmins.txt
echo Deleting members of Domain Admins...

for /F %%A in (DomainAdmins.txt) do (call :DoIt %%A)
goto :EOF

:DoIt
if %1 equ samid goto :EOF
if %1 equ dsget goto :EOF
ECHO net group /delete /domain "%1"

Open in new window

0
 
LVL 26

Expert Comment

by:NVIT
ID: 40549927
Hi manav08,
Did the solution help you? If so, I'd appreciate you closing the question appropriately.
0
 
LVL 11

Author Closing Comment

by:manav08
ID: 40550631
Apologies for my laziness in closing this question.
I havent tested but believe this is solution we were after
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question