Re: Query disabled users and delete their memberof associations
- From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
- Date: Fri, 9 Feb 2007 09:34:19 -0000
I had a similar request for this, but in my case "they" wanted to keep the
membership somewhere so that it could easliy be retained. I took a
developer aside and told him this (this isn't pretty, but we had certain
security requirements and political crap that had to be dealt with):
Write some code that does the following:
-- Takes the user's sAMAccountName as input
-- Grab the memberOf attribute and dump the contents into an array
-- Disable the user object
-- Get the RID of each group in the array, and concatenate into a semi-colon
delimited string value.
-- Write that value to an unused string attribute of the user.
-- If the string is > 1000 characters, split it and use another attribute.
-- Connect to each group in that list and remove the user object.
We had three attributes that would be used for this.
It hasn't been implemented yet.
LOL.
As others have said, you need to code this.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- Follow-Ups:
- Re: Query disabled users and delete their memberof associations
- From: Joe Richards [MVP]
- Re: Query disabled users and delete their memberof associations
- From: bryan
- Re: Query disabled users and delete their memberof associations
- From: bryan
- Re: Query disabled users and delete their memberof associations
- Prev by Date: Re: Export active directory database (i just want the OU and the group policies)
- Next by Date: Re: DC's not logging Event ID's 528,538,540 (logons)
- Previous by thread: Re: Query disabled users and delete their memberof associations
- Next by thread: Re: Query disabled users and delete their memberof associations
- Index(es):
Relevant Pages
|
