+ Post New Thread
Results 1 to 14 of 14
Scripts Thread, HELP! Need VB script to remove the email address from General Tab in AD in Coding and Web Development; Hey Guys?Gals, First post.. Hopefully I can gain some information as well as contribute.... Right now, I am facing this: ...
  1. #1

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    HELP! Need VB script to remove the email address from General Tab in AD

    Hey Guys?Gals,

    First post.. Hopefully I can gain some information as well as contribute....

    Right now, I am facing this:

    I have a mixed AD setup.. Meaning servers with 2003 and servers with 2008...

    We have a process of terminating users.. Their mailbox gets archived, moved to termed OU, ect... However, each user is retaining the EMAIL address on the general tab of the AD properties of each user. What I am needing is a VB script that will clear everybodies EMAIL from the General tab. I have tried this:

    Const ADS_PROPERTY_CLEAR = 1

    Set objContainer = GetObject _
    ("LDAP://ou=Terminated Users,dc=corp,dc=CorpName,dc=com")

    objContainer.PutEx ADS_PROPERTY_CLEAR, "mail", 0

    objContainer.SetInfo

    That does not work. Well.... It executes without any errors. But when I check users email portion on the general tab within the terminated users OU, they still have the mail address filled in. I HAVE waited, refreashed, and replicated all DC......

    Any ideas??

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,383
    Thank Post
    797
    Thanked 1,585 Times in 1,388 Posts
    Blog Entries
    10
    Rep Power
    427
    Can you not select all the accounts > Right click > Properties and clear them that way?

  3. #3

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,654
    Thank Post
    324
    Thanked 506 Times in 474 Posts
    Rep Power
    177
    Quote Originally Posted by jonnyfive View Post
    That does not work. Well.... It executes without any errors. But when I check users email portion on the general tab within the terminated users OU, they still have the mail address filled in. I HAVE waited, refreashed, and replicated all DC......

    Any ideas??
    Simple answer (Unless I'm imaging this late at night), You're editting what user?

    Answer, None. You haven't told it at all what user to edit.

    Normally you'd do a LDAP://cn=Bob,ou=blahblah which would run on account Bob.

    You don't run it on anyone the way you wrote it. It has to be a user you're changing permissions, and if you want a group done you need to enumerate it through each user. Else as you're getting, it's running perfect, doing exactly what you asked it to. Set no-ones propertys :P

    Steve

  4. #4

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Our term process is automated... Yes, your method works, if I want to babysit AD every two minutes(this is a HUGE company).... That is how I initially cleared them out... But when our main term script runs, this field is not cleared. Thus bringing me to this question. Thank you though

  5. #5

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    @steve....

    I am not wanting a single user.. I am wanting EVERY user within the OU after the Term script places the user in the Terminated Users OU.... Here is another script I tried that WORKS... but the email address is " " which is a space... What is the correct way to put no values in the field?
    See the following:

    On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    objCommand.CommandText = _
    "SELECT AdsPath FROM 'LDAP://OU=Terminated Users,DC=corp,DC=fleishman,DC=com' WHERE objectCategory='user'"
    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)
    strEmailAddress = objUser.Mail
    strEmailAddress = LCase(strEmailAddress)
    objUser.Mail = " " <------That is where the SPACE is for email.. Blanks it out, but I have a feeling it is not correct.. How can I VOID value out......
    objUser.SetInfo

    objRecordSet.MoveNext
    Loop

  6. #6

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,654
    Thank Post
    324
    Thanked 506 Times in 474 Posts
    Rep Power
    177
    If you read what I said though, You're not setting ANY user. You have to set a SINGLE user, and enumerate it through...

    As it is your original script is NOT set to change anyone. No-one.

    Notice in the second script, It's looping through each user "setting a SINGLE user at a time"

    Try this:


    Const ADS_PROPERTY_CLEAR = 1
    Set objContainer = GetObject("LDAP://ou=Terminated Users,dc=corp,dc=CorpName,dc=com")
    objContainer.Filter = Array("user")
    For Each objUser In objContainer
    objUser.PutEx ADS_PROPERTY_CLEAR, "mail", 0
    objUser.SetInfo
    Next


    Steve

  7. Thanks to Steve21 from:

    jonnyfive (22nd April 2011)

  8. #7

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,654
    Thank Post
    324
    Thanked 506 Times in 474 Posts
    Rep Power
    177
    Think of it like this:

    You have 5 users, MrA, MrB... MrE

    Originally your code before you editted it said:

    Set MrA = Blue
    So it'd change MrA to Blue.
    Now you changed it to Set "blank" = Blue.
    Blank doesn't equal everyone, it equals no-one.
    So now you need to change it do to:

    For MrA-MrE
    Set User = Blue
    Next
    etc

    That make more sense? It's late, so apologies if that seems rudely written. Just trying to explain why you need to edit, each user, and not just leave it blank as such

    Did you try the code above?

    Steve

  9. #8


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,098
    Thank Post
    203
    Thanked 2,383 Times in 1,763 Posts
    Rep Power
    703
    PowerShell seems much better suited to this task...

    Code:
    Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}

  10. #9

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Will try tomorrow morning. Thank you all for such good input. And yes, explanation helped out.

    J

    Quote Originally Posted by Arthur View Post
    PowerShell seems much better suited to this task...

    Code:
    Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}

  11. #10

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by Arthur View Post
    PowerShell seems much better suited to this task...

    Code:
    Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}
    Tried Powershell and got this:

    The term 'Get-QADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
    spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:12
    + Get-QADUser <<<< -SearchRoot 'lab.fhdevlab.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}
    + CategoryInfo : ObjectNotFound: (Get-QADUser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException


    ???? Will try VB now..

    Thanks again

  12. #11

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    With the VB script I get a General access denied... It seems to work for all the accounts except the last one... The "Next" is seeming to hang it up.. And my account is Admin, Domain Admin, Enterprise Admin, Org Manager, Schema Admin.... So I don's see permissions as an issue...

  13. #12

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Scratch that... In the test bed it did not work... Which does not suprise me... I tested it on a test OU live.. and it worked flawlessly. I am curios however, as to why the PS didn't work... Again, probably a test bed thing.

  14. #13


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,098
    Thank Post
    203
    Thanked 2,383 Times in 1,763 Posts
    Rep Power
    703
    Quote Originally Posted by jonnyfive View Post
    The term 'Get-QADUser' is not recognized as the name of a cmdlet, function, script file, or operable program.
    I should have mentioned you need to download and install Quest's ActiveRoles PowerShell Snap-in for that to work.

    Try this once you have the snap-in installed...

    Code:
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    
    Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}
    or

    Code:
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    
    Get-QADUser -SearchRoot 'OU=Terminated Users,DC=corp,DC=corpname,DC=com' | Set-QADUser -ObjectAttributes @{mail=$null}
    By the way, to load the snap-in automatically here are some instructions on how to add it to your PowerShell profile...

    http://desktopfeedbag.com/2008/08/02...ve-powershell/
    Last edited by Arthur; 22nd April 2011 at 03:18 PM.

  15. Thanks to Arthur from:

    jonnyfive (22nd April 2011)

  16. #14

    Join Date
    Apr 2011
    Posts
    10
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    One last thing... The following is the actual snippit from our term script that is calling the individual user to be terminated's email address... Notice there is a call to LDAP with predefined scopes.. In here somewhere, could I insert something that will just piggyback off of this LDAP call and clear the AD property along with it's clearing of the SMTP and x400 addressess??



    Dim objUser, entry

    eAddresses = ""
    set objUser = GetObject("LDAP://"& g_sDN)

    For Each entry in objUser.GetEx("proxyAddresses")

    If instr(entry,"X400") = 0 Then
    eAddresses = eAddresses & entry & " , "
    end if

    Next

    eAddresses = Replace(eAddresses,"smtp","")
    eAddresses = Replace(eAddresses,"SMTP","")
    eAddresses = Replace(eAddresses,":","")

    WriteLog "SMTP Email Addresses: " & eAddresses
    sbEmail.Add "SMTP Email Addresses: " & eAddresses & vbcrlf

    if err.number <> 0 then
    'errorHandler "Get SMTP Info Failed ", hex(err.number), err.Description, false
    WriteLog "Unable to get SMTP info"
    err.clear
    end if

SHARE:
+ Post New Thread

Similar Threads

  1. Remove the Sharing tab from folder properties
    By timbo343 in forum Windows 7
    Replies: 1
    Last Post: 5th March 2011, 05:11 PM
  2. Hide Email Address from the 'To' in a sent email
    By thesk8rjesus in forum Network and Classroom Management
    Replies: 11
    Last Post: 16th September 2008, 12:32 PM
  3. remove windows explorer address bar
    By hipsdontlie in forum Windows
    Replies: 0
    Last Post: 10th March 2008, 12:22 PM
  4. New Email Address
    By Geoff in forum General Chat
    Replies: 0
    Last Post: 5th July 2007, 08:04 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •