
P^i

Your Online Tech Magazine

Wed 06/19/2013

Last update 12:20:53 PM


VBScript: How Can I Delete All the Users in an Active Directory Group?



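As it turns out, if all you want to do is delete a few Active Directory group memberships, well, that can be done using a script no more complicated than this:

' Value 1 tells PutEx to remove every value of the attribute
Const ADS_PROPERTY_CLEAR = 1

' Bind to the group whose membership will be cleared
Set objGroup = GetObject("LDAP://cn=Finance Users,ou=Finance,dc=fabrikam,dc=com")

' Clear the member attribute in the local cache, then commit to Active Directory
objGroup.PutEx ADS_PROPERTY_CLEAR, "member", 0
objGroup.SetInfo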

We agree: if only deleting other kinds of groups was that easy! As you can see, we start out by defining a constant named ADS_PROPERTY_CLEAR and setting the value to 1; we’ll use this constant to tell the script that we want to clear all the values of the group’s Member attribute. (Needless to say, the Member attribute is a multi-valued attribute that contains the list of group members.) After defining the constant we then use this line of code to connect to the group in question, in this case the Finance Users group located in fabrikam.com’s Finance OU:

Set objGroup = GetObject("LDAP://cn=Finance Users,ou=Finance,dc=fabrikam,dc=com")

Amazingly enough, we’re halfway done at this point. After binding to the group account we use the PutEx method to actually clear the group membership. (The PutEx method is an ADSI method designed to work with multi-valued attributes, attributes that can contain multiple values, like multiple user names.) We need to pass PutEx three parameters:

1. ADS_PROPERTY_CLEAR, the constant that tells PutEx we want to delete all the values in the specified attribute. Other constants – and their corresponding values – would enable us to do things like add new members to the group or delete specified members from the group.

2. Member, the multi-valued attribute we want to clear.

3. 0, the new value being assigned to the attribute. Technically it doesn’t matter what value we specify here: when you perform an operation using ADS_PROPERTY_CLEAR, ADSI ignores this third parameter. However, if you leave the parameter out you’ll get a “Wrong number of arguments” error. We put a 0 here simply as a reminder that, when the script finishes, the Finance Users group will have 0 members.

After calling the PutEx method we’re left with just one final task: we need to call the SetInfo method to write these changes (i.e., delete all the group memberships) back to Active Directory. Until SetInfo is called, the change exists only in the local property cache. That’s what we do with this line of code:

objGroup.SetInfo

Execute that last line and, just like that, every member will be removed from the Finance Users group. (Only the memberships are deleted; the user accounts themselves remain in Active Directory.)
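
Because clearing the Member attribute is a bulk, hard-to-reverse change, the following added example (not part of the original article) saves the current member distinguished names to a file before running the same PutEx/SetInfo calls. The backup file name is an assumption; the group path is the one used in the script above.

```vbscript
' Added example: record the group's membership, then clear it.
Option Explicit

Const ADS_PROPERTY_CLEAR = 1
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D
Const BACKUP_FILE = "finance-users-members.txt"   ' assumed output path

Dim objGroup, objFSO, objFile, arrMembers, strMemberDN

Set objGroup = GetObject("LDAP://cn=Finance Users,ou=Finance,dc=fabrikam,dc=com")

' GetEx returns the member DNs as an array and raises
' E_ADS_PROPERTY_NOT_FOUND when the attribute has no values.
On Error Resume Next
arrMembers = objGroup.GetEx("member")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "Group has no members; nothing to clear."
    WScript.Quit 0
ElseIf Err.Number <> 0 Then
    WScript.Echo "Could not read member attribute: 0x" & Hex(Err.Number)
    WScript.Quit 1
End If
On Error GoTo 0

' Save one distinguished name per line before changing anything.
' Third argument True = Unicode, so non-ASCII names are written intact.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(BACKUP_FILE, True, True)
For Each strMemberDN In arrMembers
    objFile.WriteLine strMemberDN
Next
objFile.Close

' Clear the attribute and commit, as in the original script.
objGroup.PutEx ADS_PROPERTY_CLEAR, "member", 0
objGroup.SetInfo

WScript.Echo "Removed " & (UBound(arrMembers) + 1) & _
    " memberships; DNs saved to " & BACKUP_FILE
```

Active Directory limits how many values of a multi-valued attribute it returns in one request, so for very large groups the saved list can be incomplete unless ranged retrieval is used.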

 
