Vb script to delete the domain user from the network

  • Question

  • Hello Team

    Could anyone suggest a script which will remove users and groups from the servers? Currently I have to perform this operation on more than 5000 servers. Could anybody suggest a VB script ASAP? I will be thankful for that.

    Cheers,

    Pramod

    Thursday, April 7, 2011 9:56 AM

All replies

  • check this sample script here:

    http://www.wisesoft.co.uk/scripts/vbscript_delete_a_user_account.aspx


    Thursday, April 7, 2011 10:50 AM
  • Another link describing how to delete domain user objects:

    http://technet.microsoft.com/en-us/library/ee198833.aspx

    If these are domain users, you only need to delete them once, after which the change will replicate to all servers (Domain Controllers). If a server is a Domain Controller, there are no local users on the server. If you are talking about local users on the servers, then they cannot be Domain Controllers. Also, local users must be deleted from each server and you must use the WinNT provider instead of the LDAP provider.

     


    Richard Mueller - MVP Directory Services
    Thursday, April 7, 2011 12:14 PM
  • Hi Richard,

    Sorry, there are local users also on each server. Is there any possibility to delete the complete user accounts and user profiles on each server using the NET USER command? Is there any possibility of logging in to one server in a domain and performing the operation on the rest of the servers in the domain using an input parameter?

    One of our colleagues suggested the script below, but I am unable to modify it, and he is not reachable. Can you please suggest whether it will be useful? If so, please put it in the right format and reply to me.

    {"Use this in a for loop and give the server name through a input.txt file. 

    C:\Documents and Settings\Administrator>net user /?

    The syntax of this command is: 

    NET USER

    [username [password | *] [options]] [/DOMAIN]

    username {password | *} /ADD [options] [/DOMAIN]

    username [/DELETE] [/DOMAIN]

     

     

    net localgroup - this will give the the local group information.

    net group - is used for domain

     

     

    http://technet.microsoft.com/en-us/library/cc771865(v=ws.10).aspx.

    http://technet.microsoft.com/en-us/library/bb490718.aspx

     

    You can also use DS query, LDAP to query the domain and to get the information. "}

     

     Cheers

    Pramod

    Thursday, April 7, 2011 2:05 PM
  • How will you know which users to delete? You don't want to delete the Administrator user, for example.

    You can delete local users remotely in a script. You must be a member of the local "Administrators" group on the remote computer. By default, the domain group "Domain Admins" is a member of this group, so you should be a member of this group. A VBScript program to delete a local user account would be similar to below:

    Option Explicit
    Dim strComputer, objComputer, strUser
    
    ' Specify the NetBIOS name of the computer (server, not a DC).
    strComputer = "East203"
    
    ' Specify the local user name.
    strUser = "jsmith"
    
    ' Bind to the computer object.
    Set objComputer = GetObject("WinNT://" & strComputer)
    
    ' Delete the local user.
    Call objComputer.Delete("user", strUser)

     

    To list all of the local users on a computer, you can use a VBScript program similar to below:

    Option Explicit
    Dim strComputer, objComputer, objUser
    
    ' Specify the NetBIOS name of the computer (server, not a DC).
    strComputer = "East203"
    
    ' Bind to the computer object.
    Set objComputer = GetObject("WinNT://" & strComputer)
    
    ' List all local users.
    objComputer.Filter = Array("user")
    For Each objUser In objComputer
      Wscript.Echo objUser.Name
    Next

     

    Deleting the local profiles is another matter. I know you can do this on older operating systems, but I'm not sure about new ones, like Windows 7. Maybe someone else knows.

     


    Richard Mueller - MVP Directory Services
    Thursday, April 7, 2011 3:10 PM
  • Hi Richard,

    Could you suggest a VB script to check whether all the users on the server are set to "never expire password"?

    Description: I have some 1000 servers. What I need to check is: log in to each server --> Computer Management --> Local Users and Groups --> Users --> double-click each user and check whether the "Password never expires" check box is checked or not. It is really hectic; on one server there are more than a thousand users. Could anyone please suggest a VB script ASAP?

    Thanks for your patience in reading my query. I will be happier if I get a solution from you.

    thanks and regards,

    Pramod

     

    • Marked as answer by Pramodkr Tuesday, April 26, 2011 10:29 AM
    Thursday, April 14, 2011 1:08 PM
  • A VBScript program can use ADO to retrieve the names of all computers in the domain, then ping each to see if it is available. The script can enumerate all local users on the available computers and retrieve the userFlags property. This can be tested with a bit mask to see if the "Password Never Expires" setting is checked. The script can also check if these user accounts are enabled. The script below should be run at a command prompt so the output can be redirected to a text file. The script may take a long time, since it connects remotely to all computers, but you can monitor the size of the new file you redirect the output to, using Windows Explorer, to check if the program is still documenting.

    Option Explicit
    
    Dim strComputer, objComputer, objUser, lngFlag
    Dim objShell, objFSO, strTemp, strTempFile
    Dim objRootDSE, strDNSDomain, adoConnection, adoCommand
    Dim strAttributes, strFilter, strQuery, adoRecordset
    
    Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
    
    Set objShell = CreateObject("Wscript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    ' Specify temporary file to save ping results.
    strTemp = objShell.ExpandEnvironmentStrings("%TEMP%")
    strTempFile = strTemp & "\RunResult.tmp"
    
    ' Determine DNS domain name from RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    
    ' Use ADO to search Active Directory.
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection
    
    ' Retrieve attributes.
    strAttributes = "sAMAccountName"
    
    ' Filter on all computer objects.
    strFilter = "(objectCategory=computer)"
    
    strQuery = "<LDAP://" & strDNSDomain _
      & ">;" & strFilter & ";" & strAttributes & ";subtree"
    
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    
    Set adoRecordset = adoCommand.Execute
    
    ' Enumerate computer objects.
    Do Until adoRecordset.EOF
      strComputer = adoRecordset.Fields("sAMAccountName").Value
      ' Remove trailing "$".
      strComputer = Left(strComputer, Len(strComputer) - 1)
    
      ' Ping computer to see if online.
      If (IsConnectible(strComputer, 1, 750) = True) Then
        ' Bind to local computer object.
        Set objComputer = GetObject("WinNT://" & strComputer)
    
        ' Filter on user objects.
        objComputer.Filter = Array("user")
    
        ' Enumerate all local users.
        For Each objUser In objComputer
          ' Retrieve values.
          lngFlag = objUser.userFlags
          ' Check if "Password never expires" is set.
          If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
            ' Check if account enabled.
            If (objUser.AccountDisabled = False) Then
              Wscript.Echo strComputer & "," & objUser.Name & ",Enabled"
            Else
              Wscript.Echo strComputer & "," & objUser.Name & ",Disabled"
            End If
          End If
        Next
      Else
        Wscript.Echo strComputer & ",<Not Available>"
      End If
    
      adoRecordset.MoveNext
    Loop
    adoRecordset.Close
    
    ' Clean up.
    adoConnection.Close
    If (objFSO.FileExists(strTempFile) = True) Then
      objFSO.DeleteFile(strTempFile)
    End If
    
    Function IsConnectible(ByVal strHost, ByVal intPings, ByVal intTO)
      ' Returns True if strHost can be pinged.
      ' Based on a program by Alex Angelopoulos and Torgeir Bakken.
      ' Modified 09/14/2010 to search for "Reply from" instead of "TTL=".
      Dim objFile, strResults
    
      If (intPings = "") Then
        intPings = 2
      End If
      If (intTO = "") Then
        intTO = 750
      End If
    
      Const OpenAsDefault = -2
      Const FailIfNotExist = 0
      Const ForReading = 1
    
      objShell.Run "%comspec% /c ping -n " & intPings & " -w " & intTO _
        & " " & strHost & ">" & strTempFile, 0, True
    
      Set objFile = objFSO.OpenTextFile(strTempFile, ForReading, _
        FailIfNotExist, OpenAsDefault)
      strResults = objFile.ReadAll
      objFile.Close
    
      Select Case InStr(strResults, "Reply from")
        Case 0
          IsConnectible = False
        Case Else
          IsConnectible = True
      End Select
    End Function

     

    This script documents all computers in the domain. If you need to restrict this to servers, then modify the ADO filter from this:

    strFilter = "(objectCategory=computer)"

     

    To this:

    strFilter = "(&(objectCategory=computer)(operatingSystem=*server*))"

     

    For each user account where Password never expires, the program outputs the computer name, the user name, and whether the account is enabled, in comma delimited fields so the file can be read by a spreadsheet program.

     


    Richard Mueller - MVP Directory Services
    • Proposed as answer by Richard MuellerMVP Saturday, April 16, 2011 6:14 PM
    • Marked as answer by Richard MuellerMVP Tuesday, April 19, 2011 12:43 AM
    • Unmarked as answer by Pramodkr Tuesday, April 26, 2011 10:15 AM
    • Marked as answer by Pramodkr Tuesday, April 26, 2011 10:15 AM
    Thursday, April 14, 2011 2:12 PM
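
Added example, not part of Richard Mueller's post: the same userFlags bit-mask test extended to the other flags a local-account audit usually needs (disabled, locked out, password not required, cannot change password), with a failed WinNT bind reported instead of ending the run with an unhandled error. The server name East203 is the placeholder used elsewhere in this thread, and DescribeFlags and AppendIfSet are hypothetical helper names.

```vbscript
Option Explicit

' userFlags bits (ADS_USER_FLAG_ENUM) relevant to a local account audit.
Const ADS_UF_ACCOUNTDISABLE = &H2
Const ADS_UF_LOCKOUT = &H10
Const ADS_UF_PASSWD_NOTREQD = &H20
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Dim strComputer, objComputer, objUser

' Placeholder server name (assumption), as in the thread's other examples.
strComputer = "East203"

' Trap a failed bind (server offline, access denied) and report it.
On Error Resume Next
Set objComputer = GetObject("WinNT://" & strComputer & ",computer")
If (Err.Number <> 0) Then
  Wscript.Echo strComputer & ",<Bind failed: 0x" & Hex(Err.Number) & ">"
  Wscript.Quit 1
End If
On Error GoTo 0

' One comma-delimited line per local user: computer, user, flags that are set.
objComputer.Filter = Array("user")
For Each objUser In objComputer
  Wscript.Echo strComputer & "," & objUser.Name & "," & DescribeFlags(objUser.userFlags)
Next

Function DescribeFlags(ByVal lngValue)
  ' Returns the names of the audited bits set in lngValue, joined by "|".
  Dim strResult
  strResult = ""
  AppendIfSet strResult, lngValue, ADS_UF_ACCOUNTDISABLE, "Disabled"
  AppendIfSet strResult, lngValue, ADS_UF_LOCKOUT, "LockedOut"
  AppendIfSet strResult, lngValue, ADS_UF_PASSWD_NOTREQD, "PasswordNotRequired"
  AppendIfSet strResult, lngValue, ADS_UF_PASSWD_CANT_CHANGE, "CannotChangePassword"
  AppendIfSet strResult, lngValue, ADS_UF_DONT_EXPIRE_PASSWD, "PasswordNeverExpires"
  If (strResult = "") Then strResult = "None"
  DescribeFlags = strResult
End Function

Sub AppendIfSet(ByRef strList, ByVal lngValue, ByVal lngBit, ByVal strName)
  ' Appends strName to strList when lngBit is set in lngValue.
  If ((lngValue And lngBit) <> 0) Then
    If (strList <> "") Then strList = strList & "|"
    strList = strList & strName
  End If
End Sub
```

Run it with cscript //nologo so the output can be redirected to a file. An enabled account reported as both PasswordNotRequired and PasswordNeverExpires is the first one to review.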
  • Hi Richard,

    Thank you so much for the wonderful script, it saved me a lot of time. Now I am eager to learn scripting. I have sound knowledge of Java. Could you please suggest how to learn VBScript from scratch? I will be very happy then.

     

    Cheers

    Pramod


    pramodkr
    Tuesday, April 26, 2011 10:28 AM
  • The best resource for learning VBScript is still the book "Microsoft Windows 2000 Scripting Guide - Automating System Administration". The text is available online at:

    http://technet.microsoft.com/en-us/library/ee221103.aspx

    For scripting in general, start here:

    http://technet.microsoft.com/en-us/library/ee692931.aspx

    You can navigate in the Table of Contents at the left.

     


    Richard Mueller - MVP Directory Services
    • Marked as answer by Pramodkr Friday, June 3, 2011 2:17 PM
    Tuesday, April 26, 2011 2:03 PM
  • Dear Richard,

    Hope you are doing well.

    After a long time, there is an emergency request from my end.

    I have a scenario where I need to copy a single file from 100 domain servers and store it on one common server. Could you please provide me a VB script for the same?

     

    Thanks in anticipation

    Pramod

     


    pramodkr
    Thursday, December 1, 2011 4:42 PM