Posted

Hey Guys/Gals,

 

First post.. Hopefully I can gain some information as well as contribute....

 

Right now, I am facing this:

 

I have a mixed AD setup.. Meaning servers with 2003 and servers with 2008...

 

We have a process of terminating users.. Their mailbox gets archived, moved to termed OU, etc... However, each user is retaining the EMAIL address on the general tab of the AD properties of each user. What I am needing is a VB script that will clear everybody's EMAIL from the General tab. I have tried this:

 

Const ADS_PROPERTY_CLEAR = 1

Set objContainer = GetObject _
    ("LDAP://ou=Terminated Users,dc=corp,dc=CorpName,dc=com")

objContainer.PutEx ADS_PROPERTY_CLEAR, "mail", 0
objContainer.SetInfo

 

That does not work. Well.... It executes without any errors. But when I check users' email portion on the general tab within the terminated users OU, they still have the mail address filled in. I HAVE waited, refreshed, and replicated all DC......

 

Any ideas??

Posted
That does not work. Well.... It executes without any errors. But when I check users' email portion on the general tab within the terminated users OU, they still have the mail address filled in. I HAVE waited, refreshed, and replicated all DC......

 

Any ideas??

 

Simple answer (Unless I'm imagining this late at night), You're editing what user?

 

Answer, None. You haven't told it at all what user to edit.

 

Normally you'd do a LDAP://cn=Bob,ou=blahblah which would run on account Bob.

 

You don't run it on anyone the way you wrote it. It has to be a user you're changing permissions, and if you want a group done you need to enumerate it through each user. Else as you're getting, it's running perfect, doing exactly what you asked it to. Set no one's properties :p

 

Steve

Posted
Our term process is automated... Yes, your method works, if I want to babysit AD every two minutes (this is a HUGE company).... That is how I initially cleared them out... But when our main term script runs, this field is not cleared. Thus bringing me to this question. Thank you though :)
Posted

@steve....

 

I am not wanting a single user.. I am wanting EVERY user within the OU after the Term script places the user in the Terminated Users OU.... Here is another script I tried that WORKS... but the email address is " " which is a space... What is the correct way to put no values in the field?

See the following:

 

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
    "SELECT AdsPath FROM 'LDAP://OU=Terminated Users,DC=corp,DC=fleishman,DC=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)
    strEmailAddress = objUser.Mail
    strEmailAddress = LCase(strEmailAddress)
    objUser.Mail = " " ' <------That is where the SPACE is for email.. Blanks it out, but I have a feeling it is not correct.. How can I VOID value out......
    objUser.SetInfo
    objRecordSet.MoveNext
Loop

Posted

If you read what I said though, You're not setting ANY user. You have to set a SINGLE user, and enumerate it through...

 

As it is your original script is NOT set to change anyone. No-one.

 

Notice in the second script, It's looping through each user "setting a SINGLE user at a time"

 

Try this:

 

 

Const ADS_PROPERTY_CLEAR = 1

Set objContainer = GetObject("LDAP://ou=Terminated Users,dc=corp,dc=CorpName,dc=com")
objContainer.Filter = Array("user")

For Each objUser In objContainer
    objUser.PutEx ADS_PROPERTY_CLEAR, "mail", 0
    objUser.SetInfo
Next

 

 

Steve

  • Thanks 1
Posted

Think of it like this:

 

You have 5 users, MrA, MrB... MrE

 

Originally your code before you edited it said:

 

Set MrA = Blue

So it'd change MrA to Blue.

 

Now you changed it to Set "blank" = Blue.

Blank doesn't equal everyone, it equals no-one.

 

So now you need to change it to do:

 

For MrA-MrE

Set User = Blue

Next

etc

 

That make more sense? It's late, so apologies if that seems rudely written. Just trying to explain why you need to edit, each user, and not just leave it blank as such

 

Did you try the code above?

 

Steve

Posted

PowerShell seems much better suited to this task...

 

Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}

Get-QADUser: http://wiki.powergui.org/index.php/Get-QADUser
Set-QADUser: http://wiki.powergui.org/index.php/Set-QADUser

Posted

Will try tomorrow morning. Thank you all for such good input. And yes, explanation helped out.

 

J

 

PowerShell seems much better suited to this task...

 

Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}

Posted
PowerShell seems much better suited to this task...

 

Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}

 

Tried Powershell and got this:

 

The term 'Get-QADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the

spelling of the name, or if a path was included, verify that the path is correct and try again.

At line:1 char:12

+ Get-QADUser <<<< -SearchRoot 'lab.fhdevlab.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}

+ CategoryInfo : ObjectNotFound: (Get-QADUser:String) [], CommandNotFoundException

+ FullyQualifiedErrorId : CommandNotFoundException

 

 

???? Will try VB now..

 

Thanks again

Posted
With the VB script I get a General access denied... It seems to work for all the accounts except the last one... The "Next" is seeming to hang it up.. And my account is Admin, Domain Admin, Enterprise Admin, Org Manager, Schema Admin.... So I don't see permissions as an issue...
Posted
Scratch that... In the test bed it did not work... Which does not surprise me... I tested it on a test OU live.. and it worked flawlessly. I am curious however, as to why the PS didn't work... Again, probably a test bed thing.
Posted (edited)
The term 'Get-QADUser' is not recognized as the name of a cmdlet, function, script file, or operable program.

I should have mentioned you need to download and install Quest's ActiveRoles PowerShell Snap-in for that to work. :)

 

Try this once you have the snap-in installed...

 

Add-PSSnapin Quest.ActiveRoles.ADManagement

Get-QADUser -SearchRoot 'corpname.com/Terminated Users' | Set-QADUser -ObjectAttributes @{mail=$null}

 

or

 

Add-PSSnapin Quest.ActiveRoles.ADManagement

Get-QADUser -SearchRoot 'OU=Terminated Users,DC=corp,DC=corpname,DC=com' | Set-QADUser -ObjectAttributes @{mail=$null}

 

By the way, to load the snap-in automatically here are some instructions on how to add it to your PowerShell profile...

 

http://desktopfeedbag.com/2008/08/02/how-to-add-quest-ad-tools-to-your-native-powershell/

Edited by Arthur
  • Thanks 1
Posted

One last thing... The following is the actual snippet from our term script that is calling the individual user to be terminated's email address... Notice there is a call to LDAP with predefined scopes.. In here somewhere, could I insert something that will just piggyback off of this LDAP call and clear the AD property along with its clearing of the SMTP and x400 addresses??

 

 

 

Dim objUser, entry

eAddresses = ""
set objUser = GetObject("LDAP://"& g_sDN)

For Each entry in objUser.GetEx("proxyAddresses")
    If instr(entry,"X400") = 0 Then
        eAddresses = eAddresses & entry & " , "
    end if
Next

eAddresses = Replace(eAddresses,"smtp","")
eAddresses = Replace(eAddresses,"SMTP","")
eAddresses = Replace(eAddresses,":","")

WriteLog "SMTP Email Addresses: " & eAddresses
sbEmail.Add "SMTP Email Addresses: " & eAddresses & vbcrlf

if err.number <> 0 then
    'errorHandler "Get SMTP Info Failed ", hex(err.number), err.Description, false
    WriteLog "Unable to get SMTP info"
    err.clear
end if
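
For the last question (clearing the attribute from inside the term script's existing bind), one way to do it, as an added example that is not the poster's code or part of the thread. It reuses the names g_sDN and WriteLog from the snippet above, defines stand-ins for both so it runs on its own, and uses a placeholder DN; ClearMail is a hypothetical helper name.

```vbscript
' Added example, not part of the original term script.
Option Explicit

Const ADS_PROPERTY_CLEAR = 1
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D

' Stand-ins for names the term script defines elsewhere (assumptions).
Dim g_sDN, objUser
g_sDN = "CN=Example User,OU=Terminated Users,DC=corp,DC=CorpName,DC=com" ' placeholder DN

Sub WriteLog(sMsg)
    WScript.Echo Now & "  " & sMsg
End Sub

' Clears "mail" on an already-bound user object and re-reads it to confirm.
' Returns True only when the directory reports the attribute as empty.
Function ClearMail(objTarget)
    Dim sName, vMail
    ClearMail = False
    sName = objTarget.Get("distinguishedName")

    On Error Resume Next
    ' Remove the value outright; assigning " " stores a one-character string.
    objTarget.PutEx ADS_PROPERTY_CLEAR, "mail", 0
    objTarget.SetInfo
    If Err.Number <> 0 Then
        WriteLog "Unable to clear mail on " & sName & " (0x" & Hex(Err.Number) & ")"
        Err.Clear
        Exit Function
    End If

    ' Refresh the property cache; reading an empty attribute raises
    ' E_ADS_PROPERTY_NOT_FOUND, which is the success case here.
    objTarget.GetInfo
    vMail = objTarget.Get("mail")
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        ClearMail = True
        WriteLog "mail cleared on " & sName
    ElseIf Err.Number = 0 Then
        WriteLog "mail still set on " & sName & ": " & vMail
    Else
        WriteLog "Could not verify " & sName & " (0x" & Hex(Err.Number) & ")"
    End If
    Err.Clear
End Function

Set objUser = GetObject("LDAP://" & g_sDN)   ' the bind the snippet already performs
ClearMail objUser
```

Inside the term script itself only the Function and the two constants are needed; call ClearMail objUser after the proxyAddresses loop, using the objUser the snippet has already bound.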
