Query disabled users and delete their memberof associations

[bryan]

Hi guys

I have been testing the following script and it is failing on line <41, 58>
"microsoft vbscript compilation error: Unterminated string constant"

Any ideas?

Also, are you able to sanitise the script itself to see if my logic is
correct?

Much thanks in advance

Cheers
Bry



***********************************************

Option Explicit

Dim objDSE, objConnection, objCommand, objRecordset, i

Set objDSE = GetObject("LDAP://rootDSE")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection

objCommand.CommandText = _
"<LDAP://DC=TEST,DC=cp,DC=uk>;" & _

"(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"


Set objRecordset = objCommand.Execute

i = 0
If Not objRecordset.EOF Then
While Not objRecordset.EOF
i = i + 1
Call ModifyObject(objRecordset.Fields("arrMemberOf"))
objRecordset.MoveNext
Wend
WScript.Echo "Modified " & i & " objects"
Else
WScript.Echo "No objects to modify"
End if

objRecordset.Close
objConnection.Close

Sub ModifyObject(strObjectUser)
Dim objUser

Const ADS_PROPERTY_DELETE = 4
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

Set objUser = GetObject("LDAP://" & strObjectUser"))
arrMemberOf = objUser.GetEx("MemberOf")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
WScript.Echo "No Group Memberships Found"
WScript.Quit

End If

For each group in arrMemberOf
Set objGroup = GetObject("LDAP://" & Group)
objGroup.PutEx ADS_PROPERTY_DELETE, _
"member", Array("strObjectUser")

objGroup.SetInfo
End Sub

***********************************************

"Joe Richards [MVP]" wrote:

> Yep it absolutely does. :)
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
> Paul Williams [MVP] wrote:
> > Thankfully we don't have multiple domains, which means I can avoid such a
> > royal PITA! ;-)
> >
> > We made a concious decision to have one big fat domain, as opposed to four
> > or five smaller ones. Which is simplifying the design and deployment of a
> > number of large enterprise apps.
> >
>

[Joe Richards [MVP]]

This issue is likely the quote character in the line

Set objUser = GetObject("LDAP://" & strObjectUser"))

just before the last set of parens.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


bryan wrote:
> Hi guys
>
> I have been testing the following script and it is failing on line <41, 58>
> "microsoft vbscript compilation error: Unterminated string constant"
>
> Any ideas?
>
> Also, are you able to sanitise the script itself to see if my logic is
> correct?
>
> Much thanks in advance
>
> Cheers
> Bry
>
>
>
> ***********************************************
>
> Option Explicit
>
> Dim objDSE, objConnection, objCommand, objRecordset, i
>
> Set objDSE = GetObject("LDAP://rootDSE")
>
> Set objConnection = CreateObject("ADODB.Connection")
> objConnection.Provider = "ADsDSOObject"
> objConnection.Open
>
> Set objCommand = CreateObject("ADODB.Command")
> Set objCommand.ActiveConnection = objConnection
>
> objCommand.CommandText = _
> "<LDAP://DC=TEST,DC=cp,DC=uk>;" & _
>
> "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"
>
>
> Set objRecordset = objCommand.Execute
>
> i = 0
> If Not objRecordset.EOF Then
> While Not objRecordset.EOF
> i = i + 1
> Call ModifyObject(objRecordset.Fields("arrMemberOf"))
> objRecordset.MoveNext
> Wend
> WScript.Echo "Modified " & i & " objects"
> Else
> WScript.Echo "No objects to modify"
> End if
>
> objRecordset.Close
> objConnection.Close
>
> Sub ModifyObject(strObjectUser)
> Dim objUser
>
> Const ADS_PROPERTY_DELETE = 4
> Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
>
> Set objUser = GetObject("LDAP://" & strObjectUser"))
> arrMemberOf = objUser.GetEx("MemberOf")
>
> If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
> WScript.Echo "No Group Memberships Found"
> WScript.Quit
>
> End If
>
> For each group in arrMemberOf
> Set objGroup = GetObject("LDAP://" & Group)
> objGroup.PutEx ADS_PROPERTY_DELETE, _
> "member", Array("strObjectUser")
>
> objGroup.SetInfo
> End Sub
>
> ***********************************************
>
> "Joe Richards [MVP]" wrote:
>
>> Yep it absolutely does. :)
>>
>> --
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> Author of O'Reilly Active Directory Third Edition
>> www.joeware.net
>>
>>
>> ---O'Reilly Active Directory Third Edition now available---
>>
>> http://www.joeware.net/win/ad3e.htm
>>
>>
>> Paul Williams [MVP] wrote:
>>> Thankfully we don't have multiple domains, which means I can avoid such a
>>> royal PITA! ;-)
>>>
>>> We made a concious decision to have one big fat domain, as opposed to four
>>> or five smaller ones. Which is simplifying the design and deployment of a
>>> number of large enterprise apps.
>>>

[Paul Williams [MVP]]

Joe picked out the typo in the other thread -

Needs to be

Set objUser = GetObject("LDAP://" & strObjectUser)


Basically, you're making the brackets a string. Which you don't want to do.

There's also too many closing brackets. You only need one, for the
getObject call.


--
Paul Williams
Microsoft MVP - Windows Server - Directory Services

[bryan]

Hi Joe

First of all, apologies for delay in getting back to you - I have only just
got back to check this query.

I shall give it a try and let you know how it goes.

Many many thanks for your reply.

Kind rgds
Bry

[quickslip]

Bryan - were you ever able to get this ? I have been searching for the same thing and have not really come up with anything.
Any suggestions would be greatly appreciated.

[Janos™]

I just found out a script posted by someone else that accomplishes what I wanted but not sure whether it will work for you or not. The script will search ad for distribution groups that contain disabled user accounts and list the groups and users. I pipe the results to a csv file. Then you run the script with a switch that will remove the disabled users from these lists. Here is a link to the script.