Using DSQUERY, DSGET, and DSMOD (see DSADD for parameters), I have scripted IADGR.bat to remove a user's membership in all distribution groups, and optionally disable their account.
The syntax for using IADGR.bat is:
IADGR SAM_User_Name \[/D\]
where SAM_User_Name is the user's logon name, and /D is an optional parameter that will cause the user account to be set to disabled.
IADGR.bat contains:
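```batch
@echo off
rem Validate arguments: a user name is required; the only optional switch is /D.
if {%1}=={} @echo Syntax: IADGR UserName [/D]&goto :EOF
if not {%2}=={} if /i {%2} NEQ {/D} @echo Syntax: IADGR UserName [/D]&goto :EOF
setlocal
set usr=%1
set IA=%2
rem Resolve the SAM account name to a distinguished name (DN).
set UDN=
for /f "Tokens=*" %%u in ('dsquery user -samid %usr%') do set UDN=%%u
rem Test the variable rather than ERRORLEVEL, which FOR /F does not reliably set from dsquery.
if not defined UDN @echo %usr% NOT found.&endlocal&goto :EOF
rem Walk every group the user belongs to.
for /f "Tokens=*" %%a in ('dsget user %UDN% -memberof') do set DNG=%%a&call :member
rem Without /D, stop here; otherwise disable the account.
if /i "%IA%" NEQ "/D" endlocal&goto :EOF
dsmod user %UDN% -disabled yes
if %ERRORLEVEL% NEQ 0 @echo %usr% NOT disabled.
endlocal
goto :EOF

:member
rem Suppress all output from the per-group processing.
call :memberof>nul 2>&1
goto :EOF

:memberof
rem dsget prints a header line, then yes (security group) or no (distribution group).
for /f "skip=1 Tokens=*" %%g in ('dsget group %DNG% -secgrp') do set dist=%%g&call :group
goto :EOF

:group
rem Stripping "no" leaves the value unchanged unless the group is a distribution group.
set wrk=%dist:no=%
if /i "%dist%" EQU "%wrk%" goto :EOF
rem Distribution group: remove the user from it.
dsmod group %DNG% -rmmbr %UDN%
```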
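Because IADGR.bat hides the output of each removal, it leaves no record of which memberships were taken away. The following read-only companion is an added example, not part of the original script; the file name IADGR-Preview.bat and the labels :check and :report are assumptions. It uses the same dsquery and dsget calls to list the distribution groups that would be affected, so the list can be saved before running IADGR.bat.

```batch
@echo off
rem IADGR-Preview.bat (hypothetical name): list the distribution groups that
rem IADGR.bat would remove the user from. Makes no changes to the directory.
if {%1}=={} @echo Syntax: IADGR-Preview UserName&goto :EOF
setlocal
set usr=%1
set UDN=
set cnt=0
rem Resolve the SAM account name to a distinguished name (DN).
for /f "Tokens=*" %%u in ('dsquery user -samid %usr%') do set UDN=%%u
if not defined UDN @echo %usr% NOT found.&endlocal&goto :EOF
@echo Distribution groups for %UDN%:
for /f "Tokens=*" %%a in ('dsget user %UDN% -memberof') do set DNG=%%a&call :check
@echo %cnt% distribution group(s) would be removed.
endlocal
goto :EOF

:check
rem After the header line, dsget group -secgrp prints yes (security) or no (distribution).
rem Tokens=1 keeps only the first word, so the trailing status line never matches "no".
for /f "skip=1 Tokens=1" %%g in ('dsget group %DNG% -secgrp 2^>nul') do if /i "%%g" EQU "no" call :report
goto :EOF

:report
rem Print the group DN and count it.
@echo   %DNG%
set /a cnt+=1
goto :EOF
```

Redirecting its output to a file gives a record of the memberships to restore if the account is later re-enabled.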