Option Explicit
On Error Goto 0
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set wshNetwork = WScript.CreateObject("WScript.Network")
wscript.echo vbcrlf
wscript.echo "COMPANY - REMOVE GROUP MEMBERSHIP FOR DISABLED USERS "
wscript.echo "--------------------------------------------------"
wscript.echo "WARNING! This will remove group membership for disabled users!"
wscript.echo vbcrlf
' CONFIRMATION
Dim strAnswer, myQuestion, strdirectory, strfile, strDate, strBreak, myanw, wshNetwork
Dim objFSO, objFolder, objShell, objTextFile, objFile, intanswer, open, strthere
Dim conn, com, conn1
strDate = Now
strBreak = "***************************************************"
Const ForAppending = 8
WScript.StdOut.Write "Do you want to continue? (Y/N)"
strAnswer = wscript.stdin.readline
if not StrComp(strAnswer,"Y",1) = 0 then
wscript.echo "Process aborted."
wscript.quit
else
wscript.echo "There are only 2 modes: TEST & REMOVE. Would you like to run in Test Mode? (Y/N)"
myQuestion = wscript.stdin.readline
if not StrComp(myQuestion,"N",1) = 0 then
Call TestLog
Else
wscript.echo "WARNING! YOU HAVE SELECTED TO RUN THIS IN REMOVE MODE"
strthere = MsgBox("WARNING! YOU HAVE SELECTED TO RUN THIS IN REMOVE MODE. DO YOU WANT TO CONTINUE?", vbYesNo, "Confirmation")
If strthere = vbYes Then
Call Removeusers
Else
wscript.echo "Process aborted."
wscript.quit
End If
End If
End If
wscript.echo " "
wscript.echo "**************************"
Wscript.echo " ACTION IS COMPLETE! "
wscript.echo "**************************"
' WScript.StdOut.Write "Do you want to display the file? (Y/N)"
' myanw = wscript.stdin.readline
' if not StrComp(myanw,"Y",1) = 0 then
' wscript.echo "OK!"
' wscript.echo vbcrlf
' else
' wscript.echo vbcrlf
' Set objShell = CreateObject("WScript.Shell")
' objShell.run ("Explorer" & " " & strDirectory & "\" )
' End If
wscript.echo vbcrlf
wscript.echo "ATTENTION: The files are on the root of C:\"
wscript.echo " Be sure to remove these files as needed."
''''''''''''''''''''''''''''''''''
' FUNCTIONS
''''''''''''''''''''''''''''''''''
Function TestLog
wscript.echo vbcrlf
wscript.echo "*******************************************"
wscript.echo "********** RUNNING IN TEST MODE ***********"
wscript.echo "*******************************************"
' CREATE FILE
strDirectory = "C:\"
strFile = "TestExport-" & getDate & ".log"
Set objTextFile = objFSO.OpenTextFile _
(strFile, ForAppending, True)
objTextFile.WriteLine()
objTextFile.WriteLine(strbreak)
objTextFile.WriteLine(strDate)
objTextfile.WriteLine(" Domain: " & wshNetwork.UserDomain)
objTExtFIle.WriteLine(" Computer Name: " & wshNetwork.ComputerName)
objTextFile.WriteLine(" User name that ran script: " & wshNetwork.UserName)
' END CREATION FILE
wscript.echo "Logging to:" & strfile & "..."
intanswer = true
Call QueryAD
End Function
Function Removeusers
wscript.echo vbcrlf
wscript.echo "*******************************************"
wscript.echo "********* RUNNING IN REMOVE MODE **********"
wscript.echo "*******************************************"
' CREATE FILE
strDirectory = "C:\"
strFile = "RemoveGrp-" & getDate & ".log"
Set objTextFile = objFSO.OpenTextFile _
(strFile, ForAppending, True)
objTextFile.WriteLine()
objTextFile.WriteLine(strbreak)
objTextFile.WriteLine(strDate)
objTextfile.WriteLine(" Domain: " & wshNetwork.UserDomain)
objTExtFIle.WriteLine(" Computer Name: " & wshNetwork.ComputerName)
objTextFile.WriteLine(" User name that ran script: " & wshNetwork.UserName)
' END CREATION OF FILE
wscript.echo "Logging to:" & strfile & "..."
intanswer = false
Call QueryAD
End Function
Function QueryAD
' This function will Query AD for Disabled Users within a specific OU that you define.
' You MUST modify the OU name!
Dim conn, com, conn1, iAdRootDSE, strNamingContext, strDefaultNamingContext, objParentRS
Dim objChildRS, strSQL, strConnString, strNameingContext, QueryFilter, strQuery, rs, strLocation
Dim Rs1, objuser, objgroup, objuserDisNam, objGroupDisName
wscript.echo " "
wscript.echo "Attaching to Active Directory....."
set conn = createobject("ADODB.Connection")
set com = createobject("ADODB.Command")
set conn1 = createobject("ADODB.Connection")
strConnString = "Data Provider=NONE; Provider=MSDataShape"
conn1.Open strConnString
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Set objParentRS = createobject("adodb.recordset")
Set objChildRS = createobject("adodb.recordset")
strSQL = "SHAPE APPEND" & _
" NEW adVarChar(255) AS GRPDisplayName, " & _
" NEW adVarChar(255) AS GRPDN, " & _
" ((SHAPE APPEND " & _
" NEW adVarChar(255) AS USDisplayName, " & _
" NEW adVarChar(255) AS USDN, " & _
" NEW adVarChar(255) AS USGRPDisplayName, " & _
" NEW adVarChar(255) AS USGRPDN " & _
")" & _
" RELATE GRPDN TO USGRPDN) AS rsGRPUS "
objParentRS.LockType = 3
objParentRS.Open strSQL, conn1
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
QueryFilter = "(&(distinguishedName=*)(|(objectCategory=group)))"
strQuery = "<LDAP://" & strDefaultNamingContext & ">;" & QueryFilter & ";distinguishedName,displayname;subtree"
Com.ActiveConnection = conn
Com.CommandText = strQuery
Set rs = Com.Execute
while not rs.eof
objParentRS.addnew
objParentRS("GRPDisplayName") = rs.fields("displayname")
objParentRS("GRPDN") = rs.fields("distinguishedName")
objParentRS.update
rs.movenext
wend
QueryFilter = "(&(&(distinguishedName=*)(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2)))"
strLocation = "OU=DST,DC=cbfive,DC=com"
strQuery = "<LDAP://" & strLocation & ">;" & QueryFilter & ";distinguishedName,displayname,legacyExchangeDN,homemdb;subtree"
wscript.echo "***********************************************"
wscript.echo " Looking for Disabled Users in "
wscript.echo strLocation
wscript.echo "***********************************************"
Com.ActiveConnection = conn
Com.CommandText = strQuery
Set Rs1 = Com.Execute
Set objChildRS = objParentRS("rsGRPUS").Value
while Not rs1.eof
if instr(rs1.fields("displayname"),"SystemMailbox{") = 0 then
set objuser = getobject("LDAP://" & replace(rs1.fields("distinguishedName"),"/","\/"))
For each objgroup in objuser.groups
objChildRS.addnew
objChildRS("USDisplayName") = rs1.fields("displayname")
objChildRS("USDN") = rs1.fields("distinguishedName")
objChildRS("USGRPDisplayName") = objgroup.name
objChildRS("USGRPDN") = objgroup.distinguishedName
objChildRS.update
next
end if
rs1.movenext
'wscript.echo
Wend
wscript.echo " "
wscript.echo " Writing information to file... "
wscript.echo " "
wscript.echo "***********************************************"
objParentRS.MoveFirst
'WScript.Echo "Start of parent file"
'WScript.Echo objParentRS.EOF
'WScript.Sleep 1000
Do While Not objParentRS.EOF
Set objChildRS = objParentRS("rsGRPUS").Value
'WScript.Echo "Start of child file"
'WScript.Echo objchildRS.EOF
'WScript.Sleep 1000
If objChildRS.recordCount <> 0 Then
objTextFile.WriteLine()
objTextFile.WriteLine(" Group Name: " & objParentRS.fields("GRPDisplayName"))
Do While Not objChildRS.EOF
Set objgroup = getobject("LDAP://" & replace(objChildRS.fields("USGRPDN"),"/","\/"))
'Set objgroupDisNam = getobject("LDAP://" & replace(objChildRS.fields("USGRPDisplayName"),"/","\/"))
Set objuser = getobject("LDAP://" & replace(objChildRS.fields("USDN"),"/","\/"))
'Set objuserDisNam = getobject("LDAP://" & replace(objChildRS.fields("USDisplayName"),"/","\/"))
Set objFolder = objFSO.GetFolder(strDirectory)
Set objFolder = objFSO.GetFolder(strDirectory)
Set objFile = Nothing
Set objFolder = Nothing
'objTextFile.WriteLine()
'objTextFile.WriteLine(" Group User was Removed from: " & objParentRS.fields("GRPDisplayName"))
'objTextFile.WriteLine(" Group: " & objgroup)
objTextFile.Writeline(" User Name: " & objChildRS.fields("USDisplayName"))
'objTextFile.WriteLine()
'objTexFile.WriteLine(" User: " & objChildRSRS.fields("USDN"))
'WScript.Echo intanswer
If intanswer = False Then
objGroup.Remove(objUser.AdsPath)
objgroup.setinfo
End If
objChildRS.MoveNext
Loop
end if
objParentRS.MoveNext
Loop
'WScript.Echo "End of parent file"
'WScript.Echo objParentRS.EOF
'WScript.Sleep 1000
End Function
Function getDate()
Dim myMonth, myDay, mydate
myMonth = month(now)
myDay = day(now)
if len(myMonth) = 1 then
myMonth = "0" & myMonth
end if
if len(myDate) = 1 then
myDay = "0" & myDay
end if
getDate = year(now) & myMonth & myDay & hour(time) & minute(time)
Subscribe