locked
Disable roaming by user in AD RRS feed

  • Question

  • Hi,

    i need disable roaming profile by user (self). Script can't use active directory module because there are no admin tool installed on user PC. We can delegate change profile attribute for user in AD.

    What is the best way to create script, that will clear attribute by user.

    thanks

    Thursday, November 1, 2018 10:14 PM

Answers

  • If you have a specific script question, feel free to ask.

    Of necessity, we're not able to do free consulting work from afar from a forum.


    -- Bill Stewart [Bill_Stewart]

    Friday, November 2, 2018 7:19 PM
  • I recommend just changing it in AD in batches as needed.


    \_(ツ)_/

    Friday, November 2, 2018 8:51 PM

All replies

  • Use AD GUI tool to disable one or a group of users.

    You can use ADSI to reset that but resetting a lot of users may cause disruption.  Better to use ADUC carefully.

    Look in Gallery for examples of using ADSI to set AD attributes.


    \_(ツ)_/


    • Edited by jrv Thursday, November 1, 2018 10:23 PM
    Thursday, November 1, 2018 10:21 PM
  • Use AD GUI tool to disable one or a group of users.

    You can use ADSI to reset that but resetting a lot of users may cause disruption.  Better to use ADUC carefully.

    Look in Gallery for examples of using ADSI to set AD attributes.


    \_(ツ)_/



    I incorrectly indicated the goal :)
    The goal is:
    i need to switch from roaming to ue-v. The user must run the script using own credentials. Which in AD will clear the profile attribute of user (roaming profile path), thereby making it local.
    Next, the script will have to start each software from the list. Check its launch, close and check software directory in the UE-V profile.

    The task is to change the roaming profile to a local one, by clearing the attribute in AD on behalf of the user, through the script.
    Without RSAT installation. User user windows 7.
    Friday, November 2, 2018 2:16 PM
  • A user can only modify a few attributes of their own account.

    You can test this yourself. Log on as a regular domain user, start the ADUC console, enable Advanced Features (under the View menu) in ADUC, and double-click on the user account you're logged on with, and go to the Attribute Editor tab for the user. Click the Filter button and choose the "Show only writable attributes" option.

    Can your users change that attribute for themselves? (Probably not)


    -- Bill Stewart [Bill_Stewart]

    Friday, November 2, 2018 2:26 PM
  • A user cannot change this attribute.  Only an Administrator can set this value.

    I also suggest that you don't want users to be  toggling this attribute.


    \_(ツ)_/


    • Edited by jrv Friday, November 2, 2018 2:36 PM
    Friday, November 2, 2018 2:35 PM
  • A user can only modify a few attributes of their own account.

    You can test this yourself. Log on as a regular domain user, start the ADUC console, enable Advanced Features (under the View menu) in ADUC, and double-click on the user account you're logged on with, and go to the Attribute Editor tab for the user. Click the Filter button and choose the "Show only writable attributes" option.

    Can your users change that attribute for themselves? (Probably not)


    -- Bill Stewart [Bill_Stewart]

    I understand it :) and can delegate access to custom attribute for user. User will not user ads.msc for this. It more than 1000 user, it to hard explain how to use ads.msc only to change one attribute

    Friday, November 2, 2018 4:46 PM
  • A user cannot change this attribute.  Only an Administrator can set this value.

    I also suggest that you don't want users to be  toggling this attribute.


    \_(ツ)_/


    Yes, I agree. It makes sense. But which solution will be the most convenient, so that the administrator does not interfere.
    Friday, November 2, 2018 4:48 PM
  • Sounds like you have a solution then.

    -- Bill Stewart [Bill_Stewart]

    Friday, November 2, 2018 6:43 PM
  • Sounds like you have a solution then.

    -- Bill Stewart [Bill_Stewart]

    I'm sorry, I really don't know what to do anymore. I want to minimize the transition process, however there are a lot of points of coordination and manual work.
    Friday, November 2, 2018 6:51 PM
  • If you have a specific script question, feel free to ask.

    Of necessity, we're not able to do free consulting work from afar from a forum.


    -- Bill Stewart [Bill_Stewart]

    Friday, November 2, 2018 7:19 PM
  • I recommend just changing it in AD in batches as needed.


    \_(ツ)_/

    Friday, November 2, 2018 8:51 PM