How to remove an option !!

  • Thread starter Thread starter misaro
  • Start date Start date
M

misaro

Hi,

I have a OU with 150 users in it. All the users have the
option on user\properties\Terminal Services Profile\Allow
logon to terminal Services. But now I need to remove this
option from all these users.

I mean anyone who knows any way or script to do it at
the same time on all them.

Thanks !!
 
I've not got the exact code to do this, but I've made a bunch of changes
recently by running a scripts that output the results of an LDAP query into
an .ldf file and importing the .ldf files using LDIFDE.

Here's one of the scripts that I used:

' getDuplicateGroupUsers.vbs
'
' Script writes, in LDIF format, the DN, changetype=modify delete: member
and
' member: <member> values to an ldf file for all user accounts that match
the LDAP query:
'
(&(objectCategory=person)(memberOf="&strMemberOne&")(memberOf="&strMemberTwo&"))
where
' strMemeberOne and strMemberTwo are the input groups.
'
' The group names are read from a text file which contains two group names:
the first
' group is the group in which a user must reside that you wish to remove
them from. This
' file is intuitively called groupembers.txt.
'
' Author: Paul Williams, http://www.msresource.net
' based on original code by Richard Mueller,
http://www.rlmueller.net/ADOSearchTips.htm
' Date: 21-12-2004
' Version: 1.1.1.
' Last updated: 22-12-2004
'

Option explicit

dim objCommand,objConnection,strBase,strFilter,strAttributes
dim strQuery,objRecordset,strDn,strMemberOf
dim
objFso,objFileIn,logf,ldif,i,x,strGroupIn,arrMembers(),strMemberOne,strMemberTwo

set objFso=createObject("Scripting.FileSystemObject")
set ldif=objFso.createTextFile("getDuplicateGroupUsers.ldf",true)
set logf=objFso.createTextFile("getDuplicateGroupUsers.txt",true)
set objFileIn=objFso.openTextFile("groupMembers.txt",1)

i=0

do while objFileIn.atEndOfLine <> true
reDim preserve arrMembers(i)

strGroupIn=objFileIn.readLine
arrMembers(i)=strGroupIn

i=i+1
loop

strMemberOne=arrMembers(0)
strMemberTwo=arrMembers(1)

x=1

set objCommand=createObject("ADODB.Command")
set objConnection=createObject("ADODB.Connection")

objConnection.provider="ADsDSOObject"
objConnection.open"Active Directory Provider"
objCommand.activeConnection=objConnection

strBase="<LDAP://dc=winnet-solutions,dc=com>"
strFilter="(&(objectCategory=person)(memberOf="&strMemberOne&")(memberOf="&strMemberTwo&"))"
strAttributes="distinguishedName,memberOf"
strQuery=strBase&";"&strFilter&";"&strAttributes&";subtree"

objCommand.commandText=strQuery
objCommand.properties("Page Size")=100
objCommand.properties("Timeout")=30
objCommand.properties("Cache Results")=false

set objRecordSet=objCommand.execute

logf.writeLine(x&". query: "&strFilter)

do Until objRecordSet.eOF
strDn=objRecordSet.fields("distinguishedName").value
strMemberOf=objRecordSet.fields("memberOf").value

ldif.writeLine("dn: "&strMemberOne)
ldif.writeLine("changetype: modify")
ldif.writeLine("delete: member")
ldif.writeLine("member: "&strDn)
ldif.writeLine("-")
ldif.writeLine()

objRecordSet.moveNext

logf.writeLine(" result: "&strDn)
loop

objConnection.close

wscript.echo"Script finished."


As you can see, that script pulls two group DNs from a file, and then looks
for all users that are members of both. It then writes the .ldf file to
remove members from the first group.

In your case, ascertain the correct attribute that you need to change, and
then search for all users that have that attribute set. Then write the data
to an LDIFDE file and import it using:

C:\>ldifde -i -f fileToImport.ldf

Hope this is somewhat helpful

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Hi,

I have a OU with 150 users in it. All the users have the
option on user\properties\Terminal Services Profile\Allow
logon to terminal Services. But now I need to remove this
option from all these users.

I mean anyone who knows any way or script to do it at
the same time on all them.

Thanks !!
 
You can do this via script, probably allot easier.
Dim User
Dim UserName
Dim UserDomain
Dim ndescription

userdomain ="ou=OUof users,dc=doman,dc=name"
wscript.echo userdomain
Set container = GetObject("LDAP://" & userdomain )
ndescription= "new description"
For each user in container
user.description = ndescription
user.setinfo
next
wscript.echo "done"

This script will change the description field of every user in a single ou,
which is set in the userdomain variable.
This takes of the form of the ldap path in reverese.
So if your domain is test.com and the ou is directly off that, the path
would be ou=ou,dc=test,dc=com.
If your domain is 3 part, this.test.com it would be ou=ou,
dc=this,dc=test,dc=com inside the doubel quotes.
The only thing left is to find the ad attiribute for allow terminal server
login, cannot find it and have never had to mass change it.
 
Here's some info. on the TS properties:
--
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/iadstsuserex.asp


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


Hi,

I have a OU with 150 users in it. All the users have the
option on user\properties\Terminal Services Profile\Allow
logon to terminal Services. But now I need to remove this
option from all these users.

I mean anyone who knows any way or script to do it at
the same time on all them.

Thanks !!
 
Back
Top