You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » COM Scripting » Deleting AD Accounts
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#192868 - 2009-03-13 02:54 PM Deleting AD Accounts
HarrowCactus Offline
Fresh Scripter

Registered: 2006-04-12
Posts: 10
Loc: United Kingdom
I have a requirement to delete all Disabled accounts and the Disabled account's Home drive, share and profile.

At present there are over 300 Disabled accounts on the Domain.

Does anyone have a way of doing this?

Any help would be great.
Top
#192869 - 2009-03-13 03:14 PM Re: Deleting AD Accounts [Re: HarrowCactus]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
sure, but not that simple.

deleting homedrive and profile is a file thing, not that hard.
removing share, not that hard either. you need some com-code or poke the server's registry.

and then some old style net user code to collect the users and delete them.
or new style with ADSI.

so, you don't have ANY CODE?
and you don't even know where to start?
_________________________
!

download KiXnet

Top
#192871 - 2009-03-13 03:59 PM Re: Deleting AD Accounts [Re: Lonkero]
HarrowCactus Offline
Fresh Scripter

Registered: 2006-04-12
Posts: 10
Loc: United Kingdom
The last time I had to do this I used a Product called Hyena, to create a report which I then saved as text files One for each of the profile path, home directory.

AS the Home directory and share name is the same I used share.vbs to remove the share then delete the directory using the "rmdir" command.

Then after all was deleted I went back to Hyena and deleted the accounts
Top
#192872 - 2009-03-13 04:02 PM Re: Deleting AD Accounts [Re: Lonkero]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
If you don't have any code yet, like Lonk said, start breaking up your task. I think the first thing you need to do is write (copy) some code to query the active directory and identify the the disabled accounts. I know there is plenty of such code in the forums. You can do it all from within kix.
Top
#192873 - 2009-03-13 04:10 PM Re: Deleting AD Accounts [Re: BradV]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
Below is how to get all users that are disabled. You might get some account that are disabled but should not be deleted. Like Guest, etc... so a check on the name before deleting it would be best.

 Code:
Break on

;Get all users from the current domain.
$oDomain = GetObject("WinNT://@LDomain")
$oDomain.filter = "User", ""

For Each $oUser in $oDomain
	If $oUser.AccountDisabled <> "0"
		? "Username: " $oUser.name
		? "Fullname: " $oUser.fullname
		? "Is disabled."
		?
	Else
		;Do nothing.
	EndIf
Next

Sleep 3
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#192874 - 2009-03-13 06:58 PM Re: Deleting AD Accounts [Re: Mart]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
I'm just little sceptic that narrowcactus knows what he is doing.
if he has no code, just a task at hand.
that makes me think even the task hasn't been really thought through.
_________________________
!

download KiXnet

Top
#192913 - 2009-03-16 10:05 AM Re: Deleting AD Accounts [Re: Lonkero]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
And that is also why my code does not "do" anything. It just displays the user that has been disabled and does not delete it.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#192914 - 2009-03-16 11:36 AM Re: Deleting AD Accounts [Re: Mart]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
Right, I tend to believe it is a little dangerous to let a script just start deleting accounts. I think you need to run some tests and make sure that all of the accounts that are disabled should be deleted. There might be some legitimate reasons that an account might have been temporarily disabled.
Top
#193659 - 2009-05-04 01:35 PM Re: Deleting AD Accounts [Re: Mart]
WagnerJu Offline
Fresh Scripter

Registered: 2009-03-20
Posts: 6
Loc: Germany
This code solves some of my problems. But what other fields are there to be read.
I need something like last logon time, last time of password change, when was the user account created and so on.
Is there a list available of all attributes I can use?

kind regards

Jürgen
Top
#193661 - 2009-05-04 02:26 PM Re: Deleting AD Accounts [Re: WagnerJu]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
To see the available attributes you can get a LDAP browser (such as Softerra), or use the code below that was done by either Allen or Apronk.

 Code:
Break ON
$=SetOption("WrapAtEOL","ON")

$usr = @UserID
$logf = "c:\scripthome\logs\ad_props.txt"

$cnusr = TranslateName($usr)
$usrnfo = GetObject("LDAP://" + $cnusr)
$usrclas = GetObject($usrnfo.schema)

$fso = CreateObject("Scripting.FileSystemObject")
$log = $fso.OpenTextFile($logf, 8, 1)

$log.WriteLine("Mandatory Properties:")
$log.WriteLine("---------------------")
$log.WriteLine("")

For Each $prop in $usrclas.MandatoryProperties
  If Not InStr($prop,"-")
    $= Execute("$$Type=VarTypeName($$usrnfo."+$prop+")")
    $= Execute("$$Value=$$usrnfo."+$prop)
    If $type <> "Object" And $type <> "Variant[]"
      WriteLog($prop,$type,$value)
    Else
      WriteLog($prop,$type)
    EndIf
  Else
    WriteLog($prop,"N/A")
  EndIf
Next

$log.WriteLine("")
$log.WriteLine("Optional Properties:")
$log.WriteLine("--------------------")
$log.WriteLine("")

For Each $prop in $usrclas.OptionalProperties
  If Not InStr($prop,"-")
    $= Execute("$$Type=VarTypeName($$usrnfo."+$prop+")")
    $= Execute("$$Value=$$usrnfo."+$prop)
    If $type = "Variant[]"
      For Each $obj in $Value
        WriteLog($prop,$type,$obj)
      Next
    EndIf
    If $type <> "Object" And $type <> "Variant[]"
      WriteLog($prop,$type,$value)
    Else
      WriteLog($prop,$type)
    EndIf
  Else
    WriteLog($prop,"N/A")
  EndIf
Next

$log.Close

Function WriteLog($LineToWrite,$sType,Optional $sValue)
  If Len($LineToWrite) < 8
    $log.WriteLine($LineToWrite + "					" + $sType + "		" + $sValue)
  EndIf
  If Len($LineToWrite) >= 8 And Len($LineToWrite) < 16
    $log.WriteLine($LineToWrite + "				" + $sType + "		" + $sValue)
  EndIf
  If Len($LineToWrite) >= 16 And Len($LineToWrite) < 24
    $log.WriteLine($LineToWrite + "			" + $sType + "		" + $sValue)
  EndIf
  If Len($LineToWrite) >= 24 And Len($LineToWrite) < 32
    $log.WriteLine($LineToWrite + "		" + $sType + "		" + $sValue)
  EndIf
  If Len($LineToWrite) >= 32
    $log.WriteLine($LineToWrite + "	" + $sType + "		" + $sValue)
  EndIf
EndFunction

Function TranslateName($NameToTranslate)
  Dim $NameTranslate
  $NameTranslate = CreateObject("NameTranslate")
  $NameTranslate.Init(3,"")
  $NameTranslate.Set(3, @LDOMAIN + "\" + $NameToTranslate)
  $TranslateName = $NameTranslate.Get(1)
EndFunction
_________________________
Today is the tomorrow you worried about yesterday.

Top
Page 1 of 1 1


Moderator:  Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 581 anonymous users online.
details
Newest Members
Audio, Hoschi, Comet, rrosell, PatrickPinto
17880 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.051 seconds in which 0.024 seconds were spent on a total of 13 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org