Remove User From Group

Post by mmacdonald »

Greetings:

I have written the script below designed to remove a user from a group. This does work but it does not seem very clean. The idea is to add the code to another script and have the user removed from a group when the script runs. The whole thing is controlled by a GPO applied to the group. Once the user is out of the group, the GPO won't kick the script off again.

Is there a simpler way of doing this?

Option Explicit
On Error Resume Next
'Removes User from Printer Mapping Security Group
Dim objSysInfo
Dim strUserPath
Dim objUser
Dim strGroup
Dim strGroupName
Dim strGroupPath
Dim objGroup
Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)
strGroup = "GG-PrinterRemap-TYO"
For Each strGroup in objUser.MemberOf
    strGroupPath = "LDAP://" & strGroup
    Set objGroup = GetObject(strGroupPath)
    strGroupName = objGroup.CN
    Select Case UCase(strGroupName)
        Case UCase("GG-PrinterRemap-TYO")
            objGroup.Remove strUserPath
    End Select
Next

Post by mmacdonald »

It goes like this. We are migrating printers. I have a script that will remap the printers for me and I want this to happen at login. The GPO will be applied to a group and the script, along with re-mapping the printers, removes them from the group so that next time they log in, they don't run the re-mapping script again.

The GPO is not designed as a means of removing users from the group. That would be pointless. The GPO is designed to re-map printers at login. The group controls the GPO.

Kinda like that. Either way, I was interested in a review of the mechanism I am using to remove a user from a group regardless of the reason.

Sorry for my poor explanation before.

Thank you.

Post by jvierra »

Reverse the logic. You know the user so just remove him/her from the group directly.

1. Get user
2. Get group
3. Remove user from group using user path

Code: Select all

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objGroup = GetObject(LDAP://cn=GG-PrinterRemap-TYO,ou=theOU,cn=domain.cn=com)
objGroup.Remove(objUser.aDSPath)

jvierra 2010-07-22 02:23:47
Post by mmacdonald »

I like that this is cleaner, but when applying it there is an error. When processing the script below, line 2 returns an error about an expected quote or something. The error is:
Line: 2
Character: 1
Object required: "
Code: 800A01A8

Dim objSysInfo
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objGroup = GetObject(LDAP://CN=GG-PrinterRemap,OU=admin,OU=OU1,OU=OU2,DC=DC1,DC=DC2,DC=com)
objGroup.Remove(objUser.aDSPath)

I added the Dim for the one variable because the script would not proceed without that defined. I am thinking this somehow relates to how I am using the objects.


Post by jvierra »

Here is a complete working example that has been tested:

Code: Select all

Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objGroup = GetObject("LDAP://cn=testgroup,ou=testou,dc=sec,dc=local")
wscript.echo objgroup.CN
wscript.echo objUser.aDSPath
objGroup.Remove(objUser.aDSPath)

This removes the current user from the specified group. It will throw an error if the user is NOT a member of the group.
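
An added example, not part of the original thread or any poster's code: the direct removal from the post above with a membership check first, so it does not throw when the user is not in the group, and with error handling scoped to the Remove call instead of a script-wide On Error Resume Next. The group DN is the test value from the post above standing in for the real one, and the script assumes the logged-on user has been delegated write access to that one group's member attribute.

```vbscript
Option Explicit

' Assumption: placeholder DN taken from the thread's test example.
' Replace it with the distinguished name of the real group.
Const GROUP_DN = "cn=testgroup,ou=testou,dc=sec,dc=local"

Dim objSysInfo, objUser, objGroup, strUserPath

Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName   ' DN of the logged-on user

' Bind to both objects with error handling off, so a wrong DN or an
' unreachable domain controller stops the script visibly.
Set objUser = GetObject(strUserPath)
Set objGroup = GetObject("LDAP://" & GROUP_DN)

' IsMember reports direct membership only (not nested groups or the
' primary group), which is exactly what Remove is able to undo.
If objGroup.IsMember(objUser.ADsPath) Then
    ' Suppress errors only around the one call that can legitimately fail,
    ' for example when the user has no write access to the member attribute.
    On Error Resume Next
    objGroup.Remove objUser.ADsPath
    If Err.Number <> 0 Then
        WScript.Echo "Remove failed: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
        On Error GoTo 0
        WScript.Quit 1
    End If
    On Error GoTo 0
    WScript.Echo "Removed " & objUser.CN & " from " & objGroup.CN
Else
    WScript.Echo objUser.CN & " is not a direct member of " & objGroup.CN & "; nothing to do."
End If
```

A non-zero exit code on failure lets the calling logon script or a log review tell users who were removed from users whose removal was denied.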