Re: Query disabled users and delete their memberof associations
Hi guys
I have been testing the following script and it is failing on line <41, 58>
"microsoft vbscript compilation error: Unterminated string constant"
Any ideas?
Also, are you able to sanitise the script itself to see if my logic is
correct?
Much thanks in advance
Cheers
Bry
***********************************************
Option Explicit

Dim objDSE, objConnection, objCommand, objRecordset, i

Set objDSE = GetObject("LDAP://rootDSE")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
' Page the results so more than 1000 rows can be returned
objCommand.Properties("Page Size") = 1000

' ADO LDAP query: <base>;filter;attributes;scope
' The filter matches user objects with the ACCOUNTDISABLE bit (2) set
objCommand.CommandText = _
    "<LDAP://DC=TEST,DC=cp,DC=uk>;" & _
    "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2));" & _
    "distinguishedName;subtree"
Set objRecordset = objCommand.Execute

i = 0
If Not objRecordset.EOF Then
    While Not objRecordset.EOF
        i = i + 1
        ' Pass the user's distinguished name, the attribute the query returns
        Call ModifyObject(objRecordset.Fields("distinguishedName").Value)
        objRecordset.MoveNext
    Wend
    WScript.Echo "Modified " & i & " objects"
Else
    WScript.Echo "No objects to modify"
End If

objRecordset.Close
objConnection.Close

' Remove the user (by DN) from every group listed in its memberOf attribute
Sub ModifyObject(strObjectUser)
    Dim objUser, objGroup, arrMemberOf, group

    Const ADS_PROPERTY_DELETE = 4
    Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

    Set objUser = GetObject("LDAP://" & strObjectUser"))
    On Error Resume Next
    arrMemberOf = objUser.GetEx("MemberOf")
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        ' No memberOf values: skip this user and continue with the next one
        WScript.Echo "No Group Memberships Found"
        Err.Clear
        On Error GoTo 0
        Exit Sub
    End If
    On Error GoTo 0

    For Each group In arrMemberOf
        Set objGroup = GetObject("LDAP://" & group)
        ' Delete this user's DN from the group's member attribute
        objGroup.PutEx ADS_PROPERTY_DELETE, _
            "member", Array(strObjectUser)
        objGroup.SetInfo
    Next
End Sub
***********************************************
"Joe Richards [MVP]" wrote:
> Yep it absolutely does. :)
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
> Paul Williams [MVP] wrote:
> > Thankfully we don't have multiple domains, which means I can avoid such a
> > royal PITA! ;-)
> >
> > We made a conscious decision to have one big fat domain, as opposed to four
> > or five smaller ones. Which is simplifying the design and deployment of a
> > number of large enterprise apps.
> >
>
Re: Query disabled users and delete their memberof associations
This issue is likely the quote character in the line
Set objUser = GetObject("LDAP://" & strObjectUser"))
just before the last set of parens.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Re: Query disabled users and delete their memberof associations
Joe picked out the typo in the other thread -
Needs to be
Set objUser = GetObject("LDAP://" & strObjectUser)
Basically, you're making the brackets a string. Which you don't want to do.
There are also too many closing brackets. You only need one, for the
getObject call.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
Re: Query disabled users and delete their memberof associations
Hi Joe
First of all, apologies for delay in getting back to you - I have only just
got back to check this query.
I shall give it a try and let you know how it goes.
Many many thanks for your reply.
Kind rgds
Bry
Re: Query disabled users and delete their memberof associations
Bryan - were you ever able to get this? I have been searching for the same thing and have not really come up with anything.
Any suggestions would be greatly appreciated.
Re: Query disabled users and delete their memberof associations
I just found a script posted by someone else that accomplishes what I wanted, but I'm not sure whether it will work for you or not. The script will search AD for distribution groups that contain disabled user accounts and list the groups and users. I pipe the results to a CSV file. Then you run the script with a switch that will remove the disabled users from these lists. Here is a link to the script.
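A report-then-remove flow of the kind described in the post above, as an added example: it is not the linked script and not code from anyone in this thread. The `/remove` switch name, the CSV columns, the file name `cleanup.vbs` and the use of the current domain (read from rootDSE) as the search base are assumptions.

```vbscript
' Added example. Run under cscript so the CSV goes to stdout:
'   cscript //nologo cleanup.vbs > report.csv   (list only)
'   cscript //nologo cleanup.vbs /remove        (list and remove)
Option Explicit
Const ADS_PROPERTY_DELETE = 4
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Dim blnRemove, strBase, objConn, objCmd, objRS
blnRemove = WScript.Arguments.Named.Exists("remove")   ' assumed switch name
' Assumption: search the current domain, read from rootDSE
strBase = GetObject("LDAP://rootDSE").Get("defaultNamingContext")

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 500   ' page past the 1000-row default limit
' Disabled users (userAccountControl bit 2) that have at least one memberOf value
objCmd.CommandText = "<LDAP://" & strBase & ">;" & _
    "(&(objectCategory=person)(objectClass=user)" & _
    "(userAccountControl:1.2.840.113556.1.4.803:=2)(memberOf=*));" & _
    "distinguishedName;subtree"

WScript.Echo "group,user,action"
Set objRS = objCmd.Execute
Do Until objRS.EOF
    ProcessUser objRS.Fields("distinguishedName").Value
    objRS.MoveNext
Loop
objRS.Close
objConn.Close

' Bind to an object by DN; a "/" in the DN must be escaped in an ADsPath
Function BindDN(strDN)
    Set BindDN = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
End Function

Sub ProcessUser(strUserDN)
    Dim objGroup, strGroupDN, strAction
    For Each strGroupDN In BindDN(strUserDN).GetEx("memberOf")
        Set objGroup = BindDN(strGroupDN)
        ' Distribution groups have the security-enabled bit clear in groupType
        If (objGroup.Get("groupType") And ADS_GROUP_TYPE_SECURITY_ENABLED) = 0 Then
            strAction = "listed"
            If blnRemove Then
                objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(strUserDN)
                objGroup.SetInfo
                strAction = "removed"
            End If
            WScript.Echo """" & strGroupDN & """,""" & strUserDN & """," & strAction
        End If
    Next
End Sub
```

The `memberOf` attribute does not include the user's primary group, so that membership is neither listed nor removed here.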