JSI Tip 7356. How can I remove a user from membership in all distribution groups, and optionally disable their account?


Using DSQUERY, DSGET, and DSMOD (See DSADD for parameters), I have scripted IADGR.bat to remove a user's membership in all distribution groups, and optionally disable their account.

The syntax for using IADGR.bat is:

IADGR SAM_User_Name \[/D\]

where SAM_User_Name is the user's logon name, and /D is an optional parameter that will cause the user account to be set to disabled.

IADGR.bat contains:

@echo off
if \{%1\}

\{\} @echo Syntax: IADGR UserName \[/D\]&goto :EOF If not \{%2\}

\{\} if /i \{%2\} NEQ \{/D\} @echo Syntax: IADGR UserName \[/D\]&goto :EOF setlocal set usr=%1 set IA=%2 for /f "Tokens=*" %%u in ('dsquery user -samid %usr%') do set UDN=%%u if %ERRORLEVEL% NEQ 0 @echo %usr% NOT found.&endlocal&goto :EOF for /f "Tokens=*" %%a in ('dsget user %UDN% -memberof') do set DNG=%%a&call :member if /i "%IA%" NEQ "/D" endlocal&goto :EOF dsmod user %UDN% -disabled yes if %ERRORLEVEL% NEQ 0 @echo %usr% NOT disabled. endlocal goto :EOF :member call :memberof>nul 2>&1 goto :EOF :memberof for /f "skip=1 Tokens=*" %%g in ('dsget group %DNG% -secgrp') do set dist=%%g&call :group goto :EOF :group set wrk=%dist:no=% if /i "%dist%" EQU "%wrk%" goto :EOF dsmod group %DNG% -rmmbr %UDN%



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish