Script AD remove all members groups OU

Hi,

I have more than 5000 security groups in AD, and I need a script that removes all members from all groups in a specified OU. Can you help me?

Thanks.
helena carvalho

"helena_carvalho" <u50449@uwe> wrote in message news:93393962db97b@uwe...
> Hi,
>
> I have more than 5000 security groups in AD, and I need a script that removes
> all members from all groups in a specified OU. Can you help me?
>
> Thanks.
> helena carvalho

If you want to remove all members of a group that are in a specified OU, you
can enumerate the direct members of the group, retrieve the DN of the parent
container/OU, compare this to the DN of the specified OU, then remove members
whose parent matches. For example:
=======
' Specify Distinguished Name of OU. All users in this OU
' that are members of the specified group will be removed.
strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"

' Bind to the specified group.
Set objGroup = GetObject("LDAP://cn=TestGroup,ou=West,dc=MyDomain,dc=com")

' Enumerate all direct members of the group.
For Each objMember In objGroup.Members
    ' Retrieve DN of parent container/OU of member.
    Set objParent = GetObject(objMember.Parent)
    strParentDN = objParent.distinguishedName
    ' Compare to specified OU.
    If (LCase(strParentDN) = LCase(strOU)) Then
        ' Remove the member from the group.
        objGroup.Remove(objMember.AdsPath)
    End If
Next

This script works when we have a few groups, I have 5000 groups.
Is there a script to do it?

Thanks

Richard Mueller [MVP] wrote:
>> Hi,
>>
>[quoted text clipped - 4 lines]
>> thanks.
>> helena carvalho
>
>If you want to remove all members of a group that are in a specified OU, you
>can enumerate the direct members of the group, retrieve the DN of the parent
>container/OU, compare this to the DN of the specified OU, then remove
>members whose parent matches. For example:
>=======
>' Specify Distinguished Name of OU. All users in this OU
>' that are members of the specified group will be removed.
>strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"
>
>' Bind to the specified group.
>Set objGroup = GetObject("LDAP://cn=TestGroup,ou=West,dc=MyDomain,dc=com")
>
>' Enumerate all direct members of the group.
>For Each objMember In objGroup.Members
>    ' Retrieve DN of parent container/OU of member.
>    Set objParent = GetObject(objMember.Parent)
>    strParentDN = objParent.distinguishedName
>    ' Compare to specified OU.
>    If (LCase(strParentDN) = LCase(strOU)) Then
>        ' Remove the member from the group.
>        objGroup.Remove(objMember.AdsPath)
>    End If
>Next
>

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-scripting/200903/1

There needs to be a way to identify the groups. If you mean all groups in a
specified OU you could enumerate them with code similar to:
====
' Specify Distinguished Name of OU. All users in this OU
' that are members of the specified group will be removed.
strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"

' Bind to specified OU.
Set objOU = GetObject("LDAP://ou=Sales,ou=West,dc=MyDomain,dc=com")

' Filter on group objects.
objOU.Filter = Array("group")

' Enumerate all groups in the OU.
For Each objGroup In objOU
    ' Enumerate all direct members of the group.
    For Each objMember In objGroup.Members
        ' Retrieve DN of parent container/OU of member.
        Set objParent = GetObject(objMember.Parent)
        strParentDN = objParent.distinguishedName
        ' Compare to specified OU.
        If (LCase(strParentDN) = LCase(strOU)) Then
            ' Remove the member from the group.
            objGroup.Remove(objMember.AdsPath)
        End If
    Next
Next
========
Otherwise, perhaps you can read group DN's from a text file.

"helena_carvalho via WinServerKB.com" <u50449@uwe> wrote in message news:9343d16a2e44a@uwe...
> This script works when we have a few groups, I have 5000 groups.
> Is there a script to do it?
>
> Thanks

If you have a file of group Distinguished Names (DN's), the code could be
similar to below:
=========
Const ForReading = 1

' Specify file of group Distinguished Names.
strFile = "c:\scripts\groups.txt"

' Specify Distinguished Name of OU. All users in this OU
' that are members of any of the groups will be removed.
strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Read the file.
Do Until objFile.AtEndOfStream
    ' Retrieve group DN.
    strGroupDN = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strGroupDN <> "") Then
        ' Bind to the group.
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        ' Enumerate all direct members of the group.
        For Each objMember In objGroup.Members
            ' Retrieve DN of parent container/OU of member.
            Set objParent = GetObject(objMember.Parent)
            strParentDN = objParent.distinguishedName
            ' Compare to specified OU.
            If (LCase(strParentDN) = LCase(strOU)) Then
                ' Remove the member from the group.
                objGroup.Remove(objMember.AdsPath)
            End If
        Next
    End If
Loop

' Clean up.
objFile.Close
=========

"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in message news:%238G%23hpBqJHA.3364@TK2MSFTNGP06.phx.gbl...
> There needs to be a way to identify the groups. If you mean all groups in
> a specified OU you could enumerate them with code similar to:
> ====
> ' Specify Distinguished Name of OU. All users in this OU
> ' that are members of the specified group will be removed.
> strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"
>
> ' Bind to specified OU.
> Set objOU = GetObject("LDAP://ou=Sales,ou=West,dc=MyDomain,dc=com")
>
> ' Filter on group objects.
> objOU.Filter = Array("group")
>
> ' Enumerate all groups in the OU.
> For Each objGroup In objOU
>     ' Enumerate all direct members of the group.
>     For Each objMember In objGroup.Members
>         ' Retrieve DN of parent container/OU of member.
>         Set objParent = GetObject(objMember.Parent)
>         strParentDN = objParent.distinguishedName
>         ' Compare to specified OU.
>         If (LCase(strParentDN) = LCase(strOU)) Then
>             ' Remove the member from the group.
>             objGroup.Remove(objMember.AdsPath)
>         End If
>     Next
> Next
> ========
> Otherwise, perhaps you can read group DN's from a text file.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
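
An added example, not part of any post in this thread: a variant of the OU enumeration above that removes every direct member of each group in the OU (what the original question asks for, rather than only members located in that OU) and first writes each group/member DN pair to a log so the change can be reviewed and reversed. The blnDryRun flag and the log path are assumptions introduced here.

```vbscript
Option Explicit

Const ForWriting = 2
Const TristateTrue = -1   ' Unicode log, so non-ASCII DNs do not fail on write

Dim blnDryRun, strOU, strLog, objFSO, objLog
Dim objOU, objGroup, objMember, objPaths, strPath

' Assumption: leave True for a first pass that only writes the log.
blnDryRun = True
' OU that holds the groups (the sample DN used in the thread).
strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"
' Hypothetical path for the rollback log.
strLog = "c:\scripts\group-members-backup.txt"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.OpenTextFile(strLog, ForWriting, True, TristateTrue)

' Bind to the OU and enumerate only group objects directly in it
' (groups in child OUs are not visited).
Set objOU = GetObject("LDAP://" & strOU)
objOU.Filter = Array("group")

For Each objGroup In objOU
    ' Pass 1: record every direct member before touching the group.
    Set objPaths = CreateObject("Scripting.Dictionary")
    For Each objMember In objGroup.Members
        objLog.WriteLine objGroup.distinguishedName & vbTab & _
            objMember.distinguishedName
        objPaths(objMember.AdsPath) = True
    Next

    ' Pass 2: remove the recorded members, unless this is a dry run.
    ' Removing from the saved list avoids changing the Members
    ' collection while it is being enumerated.
    If Not blnDryRun Then
        For Each strPath In objPaths.Keys
            objGroup.Remove strPath
        Next
    End If
Next

objLog.Close
```

Run it once with blnDryRun = True and check the log before setting it to False; each log line is a tab-separated group DN and member DN, which is enough to re-add a member if a group was emptied by mistake.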