Re: Removing user account across multiple domains
- From: "GBPackerBacker" <gbpackerbacker@xxxxxxxxx>
- Date: 27 Mar 2007 07:17:22 -0700
Thanks for the info, although I have two questions. With 30-plus
domains, I'd have to create a different script for each domain, right?
Is there any way that I can tell the script to just use the default
domain? All domains are on a separate Domain Controller, and there is
only one domain per DC. I'd like to create just one script that I can
push to each DC as an "exe" package.

Also, I think I wasn't clear on one part... the old admin was using
his own username to do work. Our built-in Admin account password has
already been changed when he left, so I don't need the built-in Admin
account, I need to disable his specific user account.

Thanks for the insight, I will dig through your script and try to
learn more about it! Thanks again.
On Mar 26, 9:51 pm, "Richard Mueller [MVP]" <rlmueller-nos...@xxxxxxxxxxxxxxxxxxxx> wrote:
GBPackerBacker wrote:
I am a new administrator with a company that does managed hosting. We
do all the maintenance of the customer domains (about 30 different
domains) and I have to disable the old administrator across all the
domains. The thing is, his user account isn't in the same OU
structure across the domains, it's just kind of sporadically thrown out
there. I'm also new to the scripting part of this, and all the script
help I can find requires me to enter in the FQDN. I just want a
script that I can push to the domain controllers, that will query the
domain name, then find the username and disable it.

Can this even be done or am I doomed to go through 30+ domain
controllers manually to disable this account? This guy left in a
hurry, and was what you may call "disgruntled" so if someone could
help me out on this in a hurry, I would greatly appreciate the help.
The trick is to know the "well-known SID" for Administrator. There are
probably better methods using AdsSecurity.dll, but here is how I did it:
================
' Bind to the domain.
Set objDomain = GetObject("LDAP://dc=MyDomain,dc=com")

' Retrieve Sid of domain.
strSid = OctetToHexStr(objDomain.objectSid)

' Modify Sid for well-known Sid of Administrator.
strSid = "0105" & Mid(strSid, 5) & "F4010000"

' Bind to Administrator object using well-known Sid.
Set objAdmin = GetObject("LDAP://<SID=" & strSid & ">")

' Display Distinguished Name.
Wscript.Echo objAdmin.distinguishedName

' Disable the account.
objAdmin.AccountDisabled = True
objAdmin.SetInfo

Function OctetToHexStr(arrbytOctet)
    ' Function to convert OctetString (byte array) to Hex string.
    Dim k
    OctetToHexStr = ""
    For k = 1 To Lenb(arrbytOctet)
        OctetToHexStr = OctetToHexStr _
            & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
    Next
End Function
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
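
The hex edit in the quoted script ("0105" & Mid(strSid, 5) & "F4010000") worked through on the binary SID layout, as an added example that is not part of the original thread or either poster's code. It is written in Python so it runs offline without a domain; the function names and the sample domain SID are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes):
    """Split a binary SID into (revision, authority, [sub-authorities])."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")           # 6 bytes, big-endian
    subs = list(struct.unpack("<%dI" % count, raw[8:]))    # 32-bit, little-endian
    return revision, authority, subs

def sid_to_string(raw: bytes) -> str:
    """Render a binary SID in the familiar S-1-5-21-... form."""
    revision, authority, subs = parse_sid(raw)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def account_sid_hex(domain_sid_hex: str, rid: int) -> str:
    """Hex of domain SID + RID, the form used in an LDAP://<SID=...> bind."""
    raw = bytes.fromhex(domain_sid_hex)
    revision, authority, subs = parse_sid(raw)
    if authority != 5 or not subs or subs[0] != 21:
        raise ValueError("not a domain SID (expected S-1-5-21-...)")
    # Bump the sub-authority count by one and append the RID little-endian.
    out = bytes([revision, len(subs) + 1]) + raw[2:] + struct.pack("<I", rid)
    return out.hex().upper()

def script_string_edit(domain_sid_hex: str) -> str:
    """The same string edit the VBScript performs, for comparison."""
    return "0105" + domain_sid_hex[4:] + "F4010000"

# Constructed sample domain SID: S-1-5-21-1111111111-2222222222-3333333333
SAMPLE_DOMAIN_SID_HEX = (
    bytes([1, 4]) + (5).to_bytes(6, "big")
    + struct.pack("<4I", 21, 1111111111, 2222222222, 3333333333)
).hex().upper()

if __name__ == "__main__":
    admin_hex = account_sid_hex(SAMPLE_DOMAIN_SID_HEX, 500)  # 500 = 0x1F4
    print(sid_to_string(bytes.fromhex(SAMPLE_DOMAIN_SID_HEX)))
    print(sid_to_string(bytes.fromhex(admin_hex)))
    print(admin_hex == script_string_edit(SAMPLE_DOMAIN_SID_HEX))
```

Only well-known RIDs such as 500 are the same in every domain; an ordinary user account is assigned a different RID in each domain, so this shortcut cannot locate it.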