Re: Membership...



Hi, Torgeir,

Thanks again for the solution for my previous posting.

As I work along, I am facing another problem. That is, the local
Administrators group on some computers contains members with deleted domain
accounts (or they may be from another domain we scrapped) such as this:
S-1-5-21-745281606-593586046-1819828000-500. What is "mydomain" supposed to
be since the account is unknown or no longer exists? I have about 500 PCs to
work with. Please help again.

Fan


"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@xxxxxxxxx> wrote in message
news:%23UOH9GvjFHA.576@xxxxxxxxxxxxxxxxxxxxxxx
> Fan Fan wrote:
>
>> Please help.
>> I would like to remove DOMAIN account from a LOCAL administrators group
>> REMOTELY using vb script. Can anybody either point me the way for more
>> reading material for the subject or present me with the vb script? The
>> following script can remove the member of the Administrators group if the
>> account is a LOCAL account to that computer. If the account is a DOMAIN
>> account, I got the error with message: 'A member could not be added or
>> removed from the local group because the member does not exist'.
>>
>> Dim oDomain,oGroup,sDomain,sGroup,sUser
>> sDomain = "TheRemotePC" 'local host; member of the Active Directory domain
>> sGroup = "Administrators"
>> sUser = "JDow" 'a domain account; not an account to the local pc
>> Set oDomain = GetObject("WinNT://" & sDomain)
>> Set oGroup = oDomain.GetObject("Group", sGroup)
>> oGroup.Remove("WinNT://" & sDomain & "/" & sUser)
>>
> Hi,
>
> You need to include the domain the user is member of in the ADsPath
> you feed to the Remove method.
>
> This works for me:
>
> '--------------------8<----------------------
> Option Explicit
>
> Dim sComputer, sUserDomain, sGroup, sUser, oGroup
>
> sComputer = "TheRemotePC" ' local host; member of the Active Directory domain
> sUserDomain = "mydomain" ' the domain the user is member of
> sGroup = "Administrators"
> sUser = "JDow" ' a domain account; not an account to the local pc
>
> Set oGroup = GetObject("WinNT://" & sComputer & "/" & sGroup & ",group")
> oGroup.Remove("WinNT://" & sUserDomain & "/" & sUser)
>
> '--------------------8<----------------------
>
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
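
An added example, not part of either post: an audit of a remote local Administrators group that lists each member and flags entries that no longer resolve to an account, such as the SID quoted in the follow-up question. It assumes the WinNT provider reports an unresolvable member with its SID string as the Name (so the member's path is "WinNT://" followed by the SID); REPORT_ONLY and IsUnresolvedSid are names made up for this sketch, and "TheRemotePC" is the placeholder from the thread.

```vbscript
Option Explicit

' REPORT_ONLY is a switch invented for this example: True lists orphaned
' entries without touching the group, False removes them.
Const REPORT_ONLY = True

Dim sComputer, oGroup, oMember, sName, aOrphans(), nOrphans, i

sComputer = "TheRemotePC" ' placeholder computer name from the thread
Set oGroup = GetObject("WinNT://" & sComputer & "/Administrators,group")

' Collect orphaned entries first so the membership collection is not
' modified while it is being enumerated.
nOrphans = 0
For Each oMember In oGroup.Members
    sName = oMember.Name
    If IsUnresolvedSid(sName) Then
        ReDim Preserve aOrphans(nOrphans)
        aOrphans(nOrphans) = sName
        nOrphans = nOrphans + 1
    Else
        WScript.Echo "OK       " & oMember.ADsPath
    End If
Next

For i = 0 To nOrphans - 1
    If REPORT_ONLY Then
        WScript.Echo "ORPHAN   " & aOrphans(i)
    Else
        On Error Resume Next
        ' Assumption: no domain part is given, the SID itself is the path.
        oGroup.Remove "WinNT://" & aOrphans(i)
        If Err.Number = 0 Then
            WScript.Echo "REMOVED  " & aOrphans(i)
        Else
            WScript.Echo "FAILED   " & aOrphans(i) & " (0x" & Hex(Err.Number) & ")"
            Err.Clear
        End If
        On Error GoTo 0
    End If
Next

' Assumption: a member whose name is an S-1-5-... string is a SID that
' could not be translated to an account name.
Function IsUnresolvedSid(sValue)
    IsUnresolvedSid = (Left(sValue, 6) = "S-1-5-")
End Function
```

Run it with cscript in report mode first and review the ORPHAN lines before setting REPORT_ONLY to False, since a trusted domain that is only temporarily unreachable can also make members show up unresolved.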

