PHWinfo - Afficher un message - Re: query to remove only certain groups of a user

19/09/2007, 18h58

Yes, you can just remove the group memberships you want and leave the rest.
You would repeat the "If/Then/End If" structure for each group membership to
be removed. It requires binding to each group whose membership will be
modified.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"preetham" <preetham@discussions.microsoft.com> wrote in message
news:1E747958-3C2E-40FC-9F9F-5D42863D7B23@microsoft.com...
> HI Richard,
>
> if i want to remove only certain group membership of a user will the
> below given option work
>
> what i mean is lets say is user U1 is a member of groups G1,G2, G3, G4 and
> G5. when i disable the user i want all the groups except G3 to be removed.
> can this be done?
>
> "preetham" wrote:
>
>> Thanks for you richard
>>
>> "Richard Mueller [MVP]" wrote:
>>
>> > preetham wrote:
>> >
>> > > i need to write a script that will remove only few groups of a user
>> > > from
>> > > AD.
>> > >
>> > > any in this matter would be great.
>> >
>> > You cannot modify AD objects with a query. You will need to bind to AD
>> > objects to make changes. The method I prefer to remove a user from a
>> > group
>> > would be similar to below:
>> > ================
>> > ' Bind to the user object.
>> > Set objUser = GetObject("LDAP://cn=Jim
>> > Smith,ou=West,dc=MyDomain,dc=com")
>> >
>> > ' Bind to the group object.
>> > Set objGroup =
>> > GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com")
>> >
>> > ' Check if user a member of the group.
>> > If (objGroup.IsMember(objUser.AdsPath) = True) Then
>> > ' Remove user from group.
>> > objGroup.Remove(objUser.AdsPath)
>> > End If
>> >
>> > --
>> > Richard Mueller
>> > Microsoft MVP Scripting and ADSI
>> > Hilltop Lab - http://www.rlmueller.net
>> > --
>> >
>> >
>> >

19/09/2007, 18h58	#3
Richard Mueller [MVP] Messages: n/a Hébergeur:	Re: query to remove only certain groups of a user Yes, you can just remove the group memberships you want and leave the rest. You would repeat the "If/Then/End If" structure for each group membership to be removed. It requires binding to each group whose membership will be modified. -- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net -- "preetham" <preetham@discussions.microsoft.com> wrote in message news:1E747958-3C2E-40FC-9F9F-5D42863D7B23@microsoft.com... > HI Richard, > > if i want to remove only certain group membership of a user will the > below given option work > > what i mean is lets say is user U1 is a member of groups G1,G2, G3, G4 and > G5. when i disable the user i want all the groups except G3 to be removed. > can this be done? > > "preetham" wrote: > >> Thanks for you richard >> >> "Richard Mueller [MVP]" wrote: >> >> > preetham wrote: >> > >> > > i need to write a script that will remove only few groups of a user >> > > from >> > > AD. >> > > >> > > any in this matter would be great. >> > >> > You cannot modify AD objects with a query. You will need to bind to AD >> > objects to make changes. The method I prefer to remove a user from a >> > group >> > would be similar to below: >> > ================ >> > ' Bind to the user object. >> > Set objUser = GetObject("LDAP://cn=Jim >> > Smith,ou=West,dc=MyDomain,dc=com") >> > >> > ' Bind to the group object. >> > Set objGroup = >> > GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com") >> > >> > ' Check if user a member of the group. >> > If (objGroup.IsMember(objUser.AdsPath) = True) Then >> > ' Remove user from group. >> > objGroup.Remove(objUser.AdsPath) >> > End If >> > >> > -- >> > Richard Mueller >> > Microsoft MVP Scripting and ADSI >> > Hilltop Lab - http://www.rlmueller.net >> > -- >> > >> > >> >