Script to remove Profile Path In AD

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Anyone know of a script that will do this???????

orry it's short and sweet, really busy at work

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Derek, this is just the same answer as the one I gave for the changing AD thread only chopped down a bit

[code:1:ebd10e1af3]
'This line gets the user
Set colAccounts = GetObject("LDAP://cn=USER,ou=YEAR1,dc=DOM,dc=CO,dc=UK")
'These lines set the path to nothing and save
objUser.Put "profilePath", ""
objUser.SetInfo
[/code:1:ebd10e1af3]

Just change the LDAP bit to the fqdn of your user.

 

Can this script be changed so that it will retrieve a list of ALL the users in AD and place it in a text file then use the text file to carryout the profile path change?

If so, how, I have NEVER written a script in my life.

Also, what is FQDN? and would the line i need to change be

Set colAccounts = GetObject("LDAP://cn=demerson,ou=technology,dc=Labour,dc=org,dc=CO,dc=UK") if i was just running the script for me? and would i leave the ( ) in?

 

Fully Qualified Domain Name

That's all I can help you with, scripting isn't my forte at the mo.

 

Hi Derek,

First of all let me apologise for the first script, it wouldn't work if you tried it. I thought you would be able to set the attribute to null in the same way as you normally would with a variable "" but it doesn't let you. So if you wanted to only modify a single user you should use the following

[code:1:19ccf45a51]
'This line gets the user
Set colAccounts = GetObject("LDAP://cn=USER,ou=YEAR1,dc=DOM,dc=CO,dc=UK")
'These lines set the path to nothing and save
objUser.Putex 1, "profilePath", 0
objUser.SetInfo
[/code:1:19ccf45a51]

Now, if you want to modify every user in an AD domain use the following. Again modifying the LDAP bit to reflect your domain. Beware though, this will swat every single user in your domain, if you don't want to modify some of the users don't run this code.

[code:1:19ccf45a51]
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

objCommand.CommandText = _
"<LDAP://dc=tip,dc=co,dc=uk>;" &_
"(&(objectCategory=person)(objectClass=user));" &_
"ADsPath;subtree"

Set objRecordSet = objCommand.Execute

While Not objRecordset.EOF
strADsPath = objRecordset.Fields("ADsPath")
Set objUser = GetObject(strADsPath)
objUser.PutEx 1, "profilePath",0
objUser.SetInfo
objRecordset.MoveNext
Wend

Wscript.Echo objRecordSet.RecordCount & " user accounts modified."

objConnection.Close
[/code:1:19ccf45a51]

You could narrow the field of the search by adding an ou into the LDAP path. So the script would search the ou you specify and all of it's sub-ou's.

I would strongly recommend anybody who uses this script to test it in a lab environment first just to see how it behaves and make sure it does what they require (sermon over )

HTH

 

That looks great phil, I will run it on my home Lab before running it on the Government network.

thanks alot

Your the master of the code

 

I have taken a look at the above script and have a few questions.

Will I have to run this script separately for each OU, is there a way for it just to work it's way through all the OU's until it reaches the end. if it will help I can email you a diagram of the AD tree.

 

The script I've posted will do the entire domain including ou's and sub ou's. If you want to just do a single ou tree add the ou to the LDAP bit.

 

Superb Phil, will run it on a test lab sometime over the weekend.

Will let you know how it goes.

 

Got another wuestion for you, does it matter how many Sub OU's there are. We have 3 main OU's, some of which have a sub OU others have multiple OU's, will this make a difference?

 

It shouldn't do, it should do the lot. I checked it on vmware last night with 1 sub ou, it would be easy to check though.