Re: Query disabled users and delete their memberof associations
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Thu, 08 Feb 2007 23:18:54 -0500
As discussed in other forums, group stuff is a bit trickier than the average. To truly comply with the intent, get the user out of all groups, there really is no way to do a single command line and actually do it unless there is a tool built specifically to hide all of the logic. Personally I would tackle this with a Perl script and it would chase group nesting, DLs, cross domain memberships, etc.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Joe Kaplan wrote:
Basically, you can only modify the group's member attribute, so you need to get the DN of each group from memberOf and then go back and modify each of those to remove the user. I'm not sure if you can easily script this with command line tools. It might be more straightforward to write an ADSI script that does it.
Joe R. might know a slick way to get ADFind/ADModify to do it as a one liner though. :)
Joe K.
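The approach described in the quoted message (read each disabled user's memberOf, then modify each group's member attribute) can be sketched as follows. This is an added example, not code from either poster: it turns search results into LDIF modify records for review before import, and it handles only the groups listed in memberOf, not the nesting or cross-domain cases raised in the reply. The sample entries, the example.com DNs and the function names are constructed for illustration.

```python
import base64

UF_ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled account

# Constructed sample of LDAP search results (DN, userAccountControl, memberOf).
SAMPLE_USERS = [
    {"dn": "CN=Ann Lee,OU=Staff,DC=example,DC=com", "uac": 514,
     "memberOf": ["CN=VPN Users,OU=Groups,DC=example,DC=com",
                  "CN=Finance,OU=Groups,DC=example,DC=com"]},
    {"dn": "CN=Bob Ray,OU=Staff,DC=example,DC=com", "uac": 512,
     "memberOf": ["CN=VPN Users,OU=Groups,DC=example,DC=com"]},
    {"dn": "CN=Zoë Kim,OU=Staff,DC=example,DC=com", "uac": 66050,
     "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=com"]},
]

def ldif_attr(name, value):
    """Return one LDIF line; values that are not plain ASCII are base64-encoded."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def plan_removals(users):
    """Map each group DN to the disabled users to delete from its member attribute."""
    plan = {}
    for user in users:
        if user["uac"] & UF_ACCOUNTDISABLE:
            for group_dn in user.get("memberOf", []):
                plan.setdefault(group_dn, []).append(user["dn"])
    return plan

def to_ldif(plan):
    """Emit one modify record per group that deletes only the listed member values."""
    records = []
    for group_dn, members in sorted(plan.items()):
        lines = [ldif_attr("dn", group_dn), "changetype: modify", "delete: member"]
        lines += [ldif_attr("member", m) for m in members]
        lines.append("-")
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"

if __name__ == "__main__":
    print(to_ldif(plan_removals(SAMPLE_USERS)))
```

Deleting specific member values, rather than replacing the whole attribute, leaves every other member of the group untouched and makes the change set easy to audit before it is applied.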