Ben Christian - Ben’s Tech Blog » VBScript - Remove a user from all groups and export their current group membership

VBScript - Remove a user from all groups and export their current group membership

null View Script (right click to download)

Removing a user from all groups sounds pretty straight forward, and there are some examples on various sites. Most of the examples however don’t take into account the user’s primary group. Why is this important? Well, when you’re using the LDAP:// moniker to retrieve group membership via GetEx, the results don’t include the primary group. At the company I currently work for we migrated from several NT4 domains, so the Primary group isn’t always the Domain Users group in our AD domain. To get around this, the script sets Domain Users as the user’s primary group before removing the users from all of the groups.

The script requires you to create a file called input.txt and populate it with the list of display names of the users that you want to remove from all groups (list each display name on a separate line). For each user in the text file, the script will set the Domain Users group as the primary group, and then remove the user from all of the groups that they are a member of. It creates two output files, one is the list of users with the groups that they were a member of, the other is a tab-delimited log file that can be opened in Excel. The group membership output file is helpful in case you need to add the user back into their existing groups.

null View Script (right click to download)

3 Comments »

Sharath said,

May 24, 2007 @ 4:49 am

Hi,

What are the changes i need to do in the script.What files should i create.

THX
Sharath
Ben Christian said,

May 24, 2007 @ 8:06 pm

Hi Sharath,

-The only changes that you need to make in the script are the locations of the input and output files (unless create a folder path called c:\scripts\stripgroups).

-You need to create a file called input.txt and list the display name of each user that you want to process on each line in that file. The output files are automatically created.

-You don’t need to supply a domain name, the script will search the current domain (the domain that the user running the script is logged into) for users that are listed in the input file and then process them.

-If the “domain users” group has been moved from the default location in AD then you will need to adjust the script.

Let me know how you go.
michael jones said,

October 27, 2007 @ 12:29 am

Really nice site! I am glad that i have found it! I Want a membership!:) I completely agree with you about the script! Good post! Thank you for it!

RSS feed for comments on this post · TrackBack URI

Ben’s Tech Blog

VBScript - Remove a user from all groups and export their current group membership

3 Comments »

Sharath said,

Ben Christian said,

michael jones said,

Leave a Comment

Categories

Disclaimer

Archives

Resources

Meta

		Categories
Active Directory (8) Blogging (1) CRM (1) Exchange 2003 (7) MailSweeper (1) MCSE (4) Messaging (8) Mind Maps (2) Outlook (8) PowerShell (4) Scripting (12) SCVMM (3) Security (4) Software (4) SQL (1) Tools (1) Uncategorized (2) Windows Desktop (10) Windows Server (6)

		Disclaimer
All content on this site is provided 'AS IS'. Information and scripts are to be used by individuals or organisations at their own risk. Do not implement any solutions or changes based on the information or scripts on this site without first testing them in a non-production environment. I cannot be held responsible for any loss of data or damage that may result from the use of the information or scripts that are provided on this site. If you believe that any information on this site is incorrect, please contact me..