Remove an account from all groups except the primary
Top  Previous  Next


An account must be member of at least one group: the "primary group". The below code removes an account from all groups except the primary.

Required
ADsSecurity.dll

[Settings_Begin] 
BatchSettings.Delimiter=TAB 
BatchSettings.MarkerCol=4 
BatchSettings.MarkersAutoRemove=Yes 

SET ADDomainPath=dc=com/dc=acme/dc=D31
SET ADOUPath=cn=users
SET ADpath=%ADDomainPath%/%ADOUPath%/cn=%col1%
[Settings_End] 

[Machines_Begin] 
\\MAIN04      NT PDC    
[Machines_End] 

[Batch_Begin] 
Data.Loop       
 SET col0=ADValue (ADPath,%ADpath%,samAccountName)   
 // Variable "col0" now contains samAccountName   
 //  (name "col0" chosen to "fool" syntax checker)   
 SET primaryGroup=ADValue (ADPath,%ADpath%,primaryGroup)
 Account.Set.Group.Global %col0%, %primaryGroup%   
Data.EndLoop   
[Batch_End] 

[Data_Begin]
accountname1
accountname2
[Data_End]