Delete Stuff in AD
Once again another script to help one of my colleagues in need of a method of bulk deleting objects in AD taken from a list in a CSV file. In this instance he needed it for deletion of groups that they had determined as no longer useful. Bizarrely, this type of script did not exist when he searched for it (I would have thought someone would have written something like this previously). Actually, I had written some of this code already over 8 years ago and decided to repurpose it for my colleague.
Below is a listing of the VBScript. It reads in a file named Groups.csv that contains a list of all groups (sAMAccountNames) to be deleted (the original CSV file also had a second column that had the group type integer, but the script strips this). The script works in the domain of the currently logged-on credentials, so you need the necessary permissions in AD for it to work.
Normally, I comment my scripts a lot more, but this was a rush order :-) and I haven't had the time to revisit it (and I am trying to move from VBScript now).
As my colleague has proven, the script is easily altered to enable it to delete any type of object, and these scripts have been posted to Microsoft Script Center.
'Script deletes security groups from a csv file.
'csv format is strsAMGroupName,Whatever
'This script is offered with no warranty
'On Error Resume Next 'used in case group not found
Option Explicit
Const ForReading = 1
'strOU and strGroupCN are globals: GroupExists fills them in, DelGroup uses them
Dim strL, spl1, strOU, strGroupCN, strGroupName
Dim objFSO, objInputFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objInputFile = objFSO.OpenTextFile(".\groups.csv", ForReading) 'your csv file
WScript.Echo "script started"

'extract from csv file
Do Until objInputFile.AtEndOfStream
    strGroupName = ""
    strL = objInputFile.ReadLine
    spl1 = Split(strL, ",")
    'a blank line splits into an empty array, so check before reading the first column
    If UBound(spl1) >= 0 Then strGroupName = Trim(spl1(0))
    If strGroupName <> "" Then
        If GroupExists(strGroupName) = True Then
            'WScript.Echo strGroupName & " exists."
            DelGroup
        End If
    End If
Loop
objInputFile.Close
Set objFSO = Nothing
Set objInputFile = Nothing
WScript.Echo "script finished"

'group exist check
'Returns True only when exactly one group matches the sAMAccountName.
'Side effect: sets strOU (ADsPath of the parent container) and strGroupCN.
Function GroupExists(strsAMGroupName)
    Dim strDNSDomain, strFilter, strQuery
    Dim objConnection, objCommand, objRootLDAP, objLDAPGroup, objRecordSet
    GroupExists = False
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    Set objRootLDAP = GetObject("LDAP://RootDSE")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    objCommand.Properties("Page Size") = 1000
    'objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    strDNSDomain = objRootLDAP.Get("DefaultNamingContext")
    'the CSV value goes into the filter as-is
    strFilter = "(&(objectCategory=group)(sAMAccountName=" & strsAMGroupName & "))"
    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";sAMAccountName,adspath,CN;subTree"
    objCommand.CommandText = strQuery
    'WScript.Echo strFilter
    'WScript.Echo strQuery
    Set objRecordSet = objCommand.Execute
    If objRecordSet.RecordCount = 1 Then
        objRecordSet.MoveFirst
        'WScript.Echo "We got here " & strsAMGroupName
        'WScript.Echo objRecordSet.Fields("sAMAccountname").Value
        'WScript.Echo objRecordSet.Fields("adspath").Value
        'exact, case-sensitive match required, so a wildcard in the CSV value cannot select another group
        If objRecordSet.Fields("sAMAccountname").Value = strsAMGroupName Then
            GroupExists = True
            Set objLDAPGroup = GetObject(objRecordSet.Fields("adspath").Value)
            strOU = objLDAPGroup.Parent
            strGroupCN = objRecordSet.Fields("CN").Value
        End If
    Else
        'zero matches or more than one match: nothing is deleted
        WScript.Echo strsAMGroupName & " Group doesn't exist or Duplicate sAMAccountName"
        GroupExists = False
        strGroupCN = ""
        strOU = ""
    End If
    objRecordSet.Close
    Set objConnection = Nothing
    Set objCommand = Nothing
    Set objRootLDAP = Nothing
    Set objLDAPGroup = Nothing
    Set objRecordSet = Nothing
End Function

'Deletes the group located by the preceding GroupExists call
Sub DelGroup
    Dim objOU
    'WScript.Echo strOU
    'WScript.Echo strGroupCN
    Set objOU = GetObject(strOU)
    objOU.Delete "Group", "cn=" & strGroupCN & ""
    WScript.Echo strGroupName & " (CN=" & strGroupCN & ") has been deleted."
    Set objOU = Nothing
    strGroupCN = ""
End Sub
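The script places each CSV value directly into the LDAP filter, so a name containing a parenthesis, asterisk or backslash changes how the filter is parsed. The following is an added example, not part of the original script: it escapes the value per RFC 4515 before building the same filter, and runs under cscript without contacting AD. The function names EscapeLdapFilterValue, BuildGroupFilter and FirstColumn and the sample lines are assumptions made for illustration.

```vbscript
Option Explicit

'Escape a value for use inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    'Backslash must be replaced first so the escapes added below are not re-escaped
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    EscapeLdapFilterValue = strOut
End Function

'Build the same filter the deletion script uses, with the CSV value escaped.
Function BuildGroupFilter(strsAMGroupName)
    BuildGroupFilter = "(&(objectCategory=group)(sAMAccountName=" & _
        EscapeLdapFilterValue(strsAMGroupName) & "))"
End Function

'Return the first CSV column, or "" for a blank line or an empty first column.
Function FirstColumn(strLine)
    Dim arrParts
    FirstColumn = ""
    arrParts = Split(strLine, ",")
    If UBound(arrParts) >= 0 Then FirstColumn = Trim(arrParts(0))
End Function

'Constructed sample lines (not real group names):
'a plain name, a blank line, a stray wildcard, and a name with parentheses
Dim arrSample, strLine, strName
arrSample = Array("OldProjectGroup,-2147483646", "", "Old*,4", "Sales (EMEA),2")
For Each strLine In arrSample
    strName = FirstColumn(strLine)
    If strName = "" Then
        WScript.Echo "skipped: no group name on this line"
    Else
        WScript.Echo strName & " -> " & BuildGroupFilter(strName)
    End If
Next
```

To use it in the deletion script, build strFilter with BuildGroupFilter(strsAMGroupName) inside GroupExists; the comparison against the returned sAMAccountName stays on the unescaped value.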
Comments
Anonymous
January 01, 2003
John, I would wholeheartedly agree with you, but in this instance the customer was ...... how can I put this nicely ....... a bit tentative on allowing PowerShell usage in their environment (yes, these environments still exist), thus VBScript it was. And as I had written some of the code already, a need was filled.
Anonymous
January 01, 2003
Congratulations on the script.
Anonymous
July 02, 2012
Have to check my calendar, yup, it's still 2012 and I haven't been warped back in time. Why would anyone spend time doing this in VBS now, when it's like 1 PowerShell command? (probably as simple as get-content zapme.csv | remove-adgroup) What am I missing?