Delete Stuff in AD
Once again another script to help one of my colleagues in need of a method of bulk deleting objects in AD taken from a list in CSV file. In this instance he need it for deletion of groups that they had determined as no longer useful. Bizarrely, this type of script did not exist when he searched for it (I would have thought someone would have written something like this previously). Actually I had some written some of this code already over 8 years ago and decided to repurpose it for my colleague.
Below is a listing of the VBScript. It reads in a file named Groups.csv that contains a list of all groups (sAMAccountName's) to be deleted (the original CSV file also had a second column that had the group type integer, but the script strips this). The script works in the domain of the currently logged on credentials, so you need the necessary permissions in AD for it to work.
Normally, I comment my scripts a lot more, but this was a rush order :-) and I haven't had the time to revisit it (and I an trying to move from VBScript now).
My colleague has proven, the script is easily altered to enable it t delete any type of object and these scripts have been posted to Microsoft Script Center.
'Script deletes security groups from a csv file.
'csv format is strsAMGroupName,Whatever
'This script is offered with no warranty
'On Error Resume Next 'used in case group not found
Option Explicit
Const ForReading = 1
Dim strL, spl1, strOU, strGroupCN, strGroupName
Dim objFSO, objInputFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objInputFile = objFSO.OpenTextFile(".\groups.csv", ForReading) 'your csv file
wscript.echo "script started"
'extract from csv file
Do until objInputFile.AtEndOfStream
strL = objInputFile.ReadLine
spl1 = Split(strL, ",")
strGroupName = (spl1(0))
If GroupExists(strGroupName) = True Then
'WScript.Echo strGroupName & " exists."
DelGroup
End If
Loop
Set objFSO = Nothing
Set objInputFile = Nothing
wscript.echo "script finished"
'group exist check
Function GroupExists(strsAMGroupName)
Dim strDNSDomain, strFilter, strQuery
Dim objConnection, objCommand, objRootLDAP, objLDAPGroup, objRecordSet
GroupExists = False
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
Set objRootLDAP = GetObject("LDAP://RootDSE")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
'objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=group)(sAMAccountName=" & strsAMGroupName & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";sAMAccountName,adspath,CN;subTree"
objCommand.CommandText = strQuery
'WScript.Echo strFilter
'WScript.Echo strQuery
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 1 Then
objRecordSet.MoveFirst
'WScript.Echo "We got here " & strsAMGroupName
'WScript.Echo objRecordSet.Fields("sAMAccountname").Value
'WScript.Echo objRecordSet.Fields("adspath").Value
If objRecordSet.Fields("sAMAccountname").Value = strsAMGroupName Then
GroupExists = True
Set objLDAPGroup = GetObject(objRecordSet.Fields("adspath").Value)
strOU = objLDAPGroup.Parent
strGroupCN = objRecordSet.Fields("CN").Value
End If
Else
WScript.Echo strsAMGroupName & " Group doesn't exist or Duplicate sAMAccountName"
GroupExists = False
strGroupCN = ""
strOU = ""
End If
objRecordSet.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootLDAP = Nothing
Set objLDAPGroup = Nothing
Set objRecordSet = Nothing
end function
Sub DelGroup
Dim objOU
'WScript.Echo strOU
'WScript.Echo strGroupCN
Set objOU = GetObject(strOU)
objOU.Delete "Group", "cn=" & strGroupCN & ""
WScript.Echo strGroupName & " (CN=" & strGroupCN & ") has been deleted."
Set ObjOU = Nothing
strGroupCN = ""
End Sub