If you have a file of group Distinguished Names (DN's), the code could be
similar to below:
=========
Const ForReading = 1

' Specify file of group Distinguished Names.
strFile = "c:\scripts\groups.txt"

' Specify Distinguished Name of OU. All users in this OU
' that are members of any of the groups will be removed.
strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Read the file.
Do Until objFile.AtEndOfStream
    ' Retrieve group DN.
    strGroupDN = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strGroupDN <> "") Then
        ' Bind to the group.
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        ' Enumerate all direct members of the group.
        For Each objMember In objGroup.Members
            ' Retrieve DN of parent container/OU of member.
            Set objParent = GetObject(objMember.Parent)
            strParentDN = objParent.distinguishedName
            ' Compare to specified OU.
            If (LCase(strParentDN) = LCase(strOU)) Then
                ' Remove the member from the group.
                objGroup.Remove(objMember.AdsPath)
            End If
        Next
    End If
Loop

' Clean up.
objFile.Close
=========
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
"Richard Mueller [MVP]" <rlmueller-> wrote in
message news:%238G%...
> There needs to be a way to identify the groups. If you mean all groups in
> a specified OU you could enumerate them with code similar to:
> ====
> ' Specify Distinguished Name of OU. All users in this OU
> ' that are members of the specified group will be removed.
> strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"
>
> ' Bind to specified OU.
> Set objOU = GetObject("LDAP://ou=Sales,ou=West,dc=MyDomain,dc=com")
>
> ' Filter on group objects.
> objOU.Filter = Array("group")
>
> ' Enumerate all groups in the OU.
> For Each objGroup In objOU
>     ' Enumerate all direct members of the group.
>     For Each objMember In objGroup.Members
>         ' Retrieve DN of parent container/OU of member.
>         Set objParent = GetObject(objMember.Parent)
>         strParentDN = objParent.distinguishedName
>         ' Compare to specified OU.
>         If (LCase(strParentDN) = LCase(strOU)) Then
>             ' Remove the member from the group.
>             objGroup.Remove(objMember.AdsPath)
>         End If
>     Next
> Next
> ========
> Otherwise, perhaps you can read group DN's from a text file.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "helena_carvalho via WinServerKB.com" <u50449@uwe> wrote in message
> news:9343d16a2e44a@uwe...
>> This script works when we have a few groups, I have 5000 groups.
>> There are a script do it.
>>
>> thanks
>>
>> Richard Mueller [MVP] wrote:
>>>> Hi,
>>>>
>>>[quoted text clipped - 4 lines]
>>>> thanks.
>>>> helena carvalho
>>>
>>>If you want to remove all members of a group that are in a specified OU, you
>>>can enumerate the direct members of the group, retrieve the DN of the parent
>>>container/OU, compare this to the DN of the specified OU, then remove
>>>members whose parent matches. For example:
>>>=======
>>>' Specify Distinguished Name of OU. All users in this OU
>>>' that are members of the specified group will be removed.
>>>strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"
>>>
>>>' Bind to the specified group.
>>>Set objGroup = GetObject("LDAP://cn=TestGroup,ou=West,dc=MyDomain,dc=com")
>>>
>>>' Enumerate all direct members of the group.
>>>For Each objMember In objGroup.Members
>>>    ' Retrieve DN of parent container/OU of member.
>>>    Set objParent = GetObject(objMember.Parent)
>>>    strParentDN = objParent.distinguishedName
>>>    ' Compare to specified OU.
>>>    If (LCase(strParentDN) = LCase(strOU)) Then
>>>        ' Remove the member from the group.
>>>        objGroup.Remove(objMember.AdsPath)
>>>    End If
>>>Next
>>>
>
>
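An added example, not part of the original posts: a variant of the file-driven script in this thread that defaults to a dry run, writes every removal to a CSV audit log, and logs a group DN that fails to bind instead of stopping partway through a large list. The log path, the `DRY_RUN` flag and the CSV layout are assumptions made for illustration; the group file path and OU are the thread's placeholders.

```vbscript
Option Explicit
Const ForReading = 1, ForAppending = 8
' Placeholders from the thread, plus a hypothetical audit log path.
Const GROUP_FILE = "c:\scripts\groups.txt"
Const LOG_FILE = "c:\scripts\removed.csv"
Const TARGET_OU = "ou=Sales,ou=West,dc=MyDomain,dc=com"
Const DRY_RUN = True   ' Set to False only after reviewing the log.

Dim objFSO, objIn, objLog, objGroup, objMember, objParent
Dim strGroupDN, strAction, colRemove, strPath

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objIn = objFSO.OpenTextFile(GROUP_FILE, ForReading)
Set objLog = objFSO.OpenTextFile(LOG_FILE, ForAppending, True)
If DRY_RUN Then strAction = "WOULD_REMOVE" Else strAction = "REMOVED"

Do Until objIn.AtEndOfStream
    strGroupDN = Trim(objIn.ReadLine)
    If (strGroupDN <> "") Then
        ' Record a DN that cannot be bound and continue with the next one.
        On Error Resume Next
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        If (Err.Number <> 0) Then
            objLog.WriteLine Now & ",BIND_FAILED,""" & strGroupDN & ""","
            Err.Clear
            On Error GoTo 0
        Else
            On Error GoTo 0
            ' Collect matches first, then remove, so the membership
            ' is not modified while it is being enumerated.
            Set colRemove = CreateObject("Scripting.Dictionary")
            For Each objMember In objGroup.Members
                Set objParent = GetObject(objMember.Parent)
                If (LCase(objParent.distinguishedName) = LCase(TARGET_OU)) Then
                    colRemove(objMember.AdsPath) = objMember.distinguishedName
                End If
            Next
            For Each strPath In colRemove.Keys
                If Not DRY_RUN Then objGroup.Remove strPath
                objLog.WriteLine Now & "," & strAction & ",""" & _
                    strGroupDN & """,""" & colRemove(strPath) & """"
            Next
        End If
    End If
Loop
objIn.Close
objLog.Close
```

The CSV records the timestamp, action, group DN and member DN, which gives a list to review before the real run and a record for restoring memberships afterwards.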