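Option Explicit

' ADSI constants. The ADS_GROUP_TYPE_* bit flags are tested against a group's
' groupType attribute in CheckUser.
' NOTE(review): ADS_PROPERTY_DELETE is declared but never used in this script.
Const ADS_PROPERTY_DELETE = 4
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000

Dim parent, intRow, users, user
Dim objDelGroup, objRootLDAP, objGroup, objUser, objOU, objmemberOf
Dim objParent, objWorkbook, objExcel, strValue, strMail, strDescription, strInfo, intgroupType, distinguishedName, strSAMAccountName
Dim groupParentLdap, strName, strUser, strDNSDomain, strLDAP, strList, root
' Option Explicit is on, so these two must be declared as well; without the
' declaration the first assignment below stops the script with
' "Variable is undefined".
Dim objFSO, objInputFile

' Log file. The second argument of CreateTextFile is the overwrite flag, so an
' existing log is replaced on every run.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objInputFile = objFSO.CreateTextFile("c:\temp\shdrv.log", True)

' Relative name of the OU the walk starts from (placeholder value).
Const ROOT_OU = "ou=<ROOT_OU>"

' Read the account names from column A of the workbook, from row 1 down to the
' first empty cell, and keep them as one comma-separated string.
' NOTE(review): a name that itself contains a comma is split into two entries
' when CheckUser calls Split(users, ","), and the names go into an LDAP path
' unescaped - the spreadsheet decides which accounts are processed, so its
' contents should be reviewed before a run.
Set objExcel = CreateObject("Excel.Application")
Set objWorkbook = objExcel.Workbooks.Open("C:\temp\users_list.xls")
intRow = 1
user = objExcel.Cells(intRow, 1).Value
Do Until user = ""
    If users = "" Then
        users = user
    Else
        users = users & "," & user
    End If
    intRow = intRow + 1
    user = objExcel.Cells(intRow, 1).Value
Loop
' Excel is only needed for the read above; close it without saving so no
' hidden EXCEL.EXE instance is left holding the workbook.
objWorkbook.Close False
objExcel.Quit
Set objWorkbook = Nothing
Set objExcel = Nothing

' Build the LDAP path of the root OU in the current domain and start the walk.
' RecurseOUs calls CheckUser for the OUs found below the root, not for the
' root OU itself.
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")
root = "LDAP://" & ROOT_OU & "," & strDNSDomain
objInputFile.WriteLine root
RecurseOUs GetObject(root)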
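' Walks the directory below objOU depth-first. For every child whose name
' starts with "OU=", logs the child's distinguished name, runs CheckUser on it
' and then descends into it.
'
' objOU - a bound container object whose children are enumerated.
Sub RecurseOUs(objOU)
    Dim objOUObject, strConnString, objChildOU
    For Each objOUObject In objOU
        If UCase(Left(objOUObject.Name, 3)) = "OU=" Then
            strConnString = objOUObject.DistinguishedName
            objInputFile.WriteLine strConnString
            ' Bind the child OU into a variable local to this call. The
            ' script-level objUser was used here before, but CheckUser assigns
            ' to that same variable, so once an account was found the
            ' recursion descended into the account object instead of the OU
            ' and the OU's sub-OUs were never visited.
            Set objChildOU = GetObject("LDAP://" & strConnString)
            CheckUser strConnString
            RecurseOUs objChildOU
        End If
    Next
End Sub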
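' For every account name in the script-level "users" list, binds to cn=<name>
' directly under the OU whose distinguished name is strConnString. For each
' account found there it logs the account's grandparent container
' ("Parent Site") and every group listed in memberOf, and deletes
' cn=<group name> from under ROOT_OU when the group's distinguished name
' contains the parent-site name.
'
' strConnString - distinguished name of the OU to search (no "LDAP://" prefix).
'
' Reads the script-level users, objInputFile, strDNSDomain and ROOT_OU; all
' output goes to objInputFile.
'
' NOTE(review): this routine deletes directory groups. The site test is a
' plain substring match, so a short site name can match the distinguished name
' of an unrelated group; confirm the intended rule with the directory owner.
' NOTE(review): the delete targets cn=<name> directly under ROOT_OU, not the
' container the group was found in - confirm that this is intended.
Sub CheckUser(strConnString)
    ' Working variables are local so that nothing here overwrites script-level
    ' state that the caller is still using.
    Dim user, objUser, objParent, parent, blnSiteKnown
    Dim objmemberOf, groupDn, objGroup, objDelGroup
    Dim strUser, strLDAP, strName, strSAMAccountName, intGroupType
    Dim distinguishedName, groupParentLdap

    ' Errors are handled inline: Err is tested and cleared after each
    ' directory call, because VBScript does not reset Err when a later
    ' statement succeeds.
    On Error Resume Next

    For Each user In Split(users, ",")
        objInputFile.WriteLine
        objInputFile.WriteLine "User: " & user
        strUser = "cn=" & user & ","
        strLDAP = "LDAP://" & strUser & strConnString
        objInputFile.WriteLine strLDAP

        Err.Clear
        Set objUser = Nothing
        Set objUser = GetObject(strLDAP)
        If Err.Number <> 0 Then
            ' The account is not in this OU. Clear the error so that the next
            ' name in the list is still evaluated.
            Err.Clear
        Else
            ' Resolve the container two levels above the account.
            parent = ""
            Set objParent = Nothing
            Set objParent = GetObject(GetObject(objUser.Parent).Parent)
            If Err.Number = 0 Then
                objParent.GetInfo
                parent = Replace(objParent.Name, "CN=", "")
            End If
            ' An empty site name would make InStr() below match every group,
            ' so validation only runs when the site was really resolved.
            blnSiteKnown = (Err.Number = 0) And (Len(parent) > 0)
            If blnSiteKnown Then
                objInputFile.WriteLine "Parent Site: " & parent
            Else
                objInputFile.WriteLine "Parent Site: could not be resolved (error " & Err.Number & "); group validation skipped for " & user
            End If
            Err.Clear

            ' GetEx raises an error when the attribute holds no values.
            objmemberOf = Empty
            objmemberOf = objUser.GetEx("memberOf")
            If Err.Number <> 0 Or Not IsArray(objmemberOf) Then
                objInputFile.WriteLine "No group memberships could be read for " & user
                Err.Clear
            Else
                For Each groupDn In objmemberOf
                    objInputFile.WriteLine
                    objInputFile.WriteLine "Group LDAP: " & groupDn

                    Err.Clear
                    Set objGroup = Nothing
                    Set objGroup = GetObject("LDAP://" & groupDn)
                    If Err.Number = 0 Then
                        objGroup.GetInfo
                        strName = objGroup.Get("name")
                        strSAMAccountName = objGroup.Get("sAMAccountName")
                        intGroupType = objGroup.Get("groupType")
                        distinguishedName = objGroup.Get("distinguishedName")
                    End If

                    If Err.Number <> 0 Then
                        ' Skip the group entirely: the name variables may still
                        ' hold the previous group's values and must not reach
                        ' the delete below.
                        objInputFile.WriteLine "Group could not be read (error " & Err.Number & "); skipped"
                        Err.Clear
                    Else
                        objInputFile.WriteLine "distinguishedName: " & distinguishedName
                        objInputFile.WriteLine "name: " & strName
                        objInputFile.WriteLine "sAMAccountName: " & strSAMAccountName

                        ' The labels are written to the log file, not to
                        ' WScript.StdOut: StdOut raises an error under
                        ' wscript.exe and split each line across two outputs.
                        objInputFile.Write "Group scope: "
                        If intGroupType And ADS_GROUP_TYPE_LOCAL_GROUP Then
                            objInputFile.WriteLine "Domain local"
                        ElseIf intGroupType And ADS_GROUP_TYPE_GLOBAL_GROUP Then
                            objInputFile.WriteLine "Global"
                        ElseIf intGroupType And ADS_GROUP_TYPE_UNIVERSAL_GROUP Then
                            objInputFile.WriteLine "Universal"
                        Else
                            objInputFile.WriteLine "Unknown"
                        End If

                        objInputFile.Write "Group type: "
                        If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
                            objInputFile.WriteLine "Security group"
                        Else
                            objInputFile.WriteLine "Distribution group"
                        End If

                        objInputFile.WriteLine
                        objInputFile.WriteLine "***** validating user's group [START]********"
                        If Not blnSiteKnown Then
                            objInputFile.WriteLine "Parent site unknown; group " & strName & " left untouched"
                        Else
                            objInputFile.WriteLine "Looking for " & parent & " in " & distinguishedName
                            If InStr(UCase(distinguishedName), UCase(parent)) > 0 Then
                                objInputFile.WriteLine "Group " & strName & " is under the same site as user " & user
                                groupParentLdap = "LDAP://" & ROOT_OU & "," & strDNSDomain
                                objInputFile.WriteLine "Prepare to remove group " & strName & " from " & groupParentLdap

                                Err.Clear
                                Set objDelGroup = Nothing
                                Set objDelGroup = GetObject(groupParentLdap)
                                If Err.Number = 0 Then objDelGroup.Delete "group", "cn=" & strName

                                ' Log the real outcome, so the file can serve
                                ' as a record of what was deleted.
                                If Err.Number = 0 Then
                                    objInputFile.WriteLine "group " & strName & " was removed"
                                Else
                                    objInputFile.WriteLine "group " & strName & " was NOT removed (error " & Err.Number & ": " & Err.Description & ")"
                                    Err.Clear
                                End If
                            End If
                        End If
                        objInputFile.WriteLine "***** validating user's group [END]********"
                        objInputFile.WriteLine
                    End If
                Next
            End If
        End If
    Next
End Sub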
' Flush and release the log file, then end the script with the default exit
' code.
Call objInputFile.Close()
WScript.Quit 0