AD Group Termination

[chris1979]

Folks
I have an application for which the termination process is not done for long time. This access is granted through AD Groups. We just recevied a file for inactive users and they are around 26000 users from various groups which needs to be removed.
So I would require a code which would delete users on a mass scale......cant think of deleting this manually. If we dont get anything we might end of removing the users manually and thats HELL

Help needed pls !!!

Thanks
Chris

 

[Satal Keto]

I think these may help;
http://www.vbdotnetforums.com/security/29794-remove-user-ad-within-visual-basic-net.html
Admittedly written in C# but can be easily converted to VB.Net
Fine-tune Your Active Directory Operations with .NET

Anyway I hope that these help put you on the right track

Satal

 

[chris1979]

Could this be used on a big scale....im pretty new to .net n all. Would require your assistance

 

[Satal Keto]

It would be possible, you would need to read in the collection of users to be deleted from somewhere (whether thats a file or a database) and then loop through each of them deleting the user from AD.
If you ask a more specific question about what you need then I can help you more.

 

[chris1979]

Thank you Satal - I have an application (business objects) in which access is granted through AD groups. Right now we have more than 30000 users which are either inactive or terminated employees. We are keen to cleanse the application asap otherwise we will liable to pay a penalty. We have a list of inactive employees along with the AD group names in a xls file, we want to use some automated way of removing the users from the respective AD groups.
And I am very new to .net, so would require your assistance from start to end but I will start to figure out things myself

 

[Satal Keto]

Ok well what format is the XLS, is it that you have one column of data and that's a username per row?

 

[chris1979]

It is just a excel file. yes this file has NT_names and their respective AD groups

 

[Satal Keto]

Ok do you have the NT_Names in one column and AD group in another?

I would suggest that you create a form and have two textboxes where you can fill in the details to delete one, to test out the system.
Obviously I would suggest ensuring that you have a backup of the data prior to you performing this just incase something goes wrong, it shouldn't but it never hurts to prepare for the worst.

Unfortunately I don't know a huge amount about accessing AD from VB.Net and I am trying to get the code working on my desktop and I seem to be having some problems with the active directory server at the moment :s I'm having a look to try and figure out what's going wrong and rather hoping I've messed up my code rather than something on the companies active directory.

 

[chris1979]

yes I have the data in two separate columns

Yes i agree with you to test the codes thoroughly before implementing it and also we have a backup also

Here is the piece of code...pls let me know whether this is ok for large scale

dsmod group "CN=US INFO,OU=Distribution Lists,DC=microsoft,DC=com" –rmmbr "CN=John Smith,CN=Users,DC=microsoft,DC=com" "CN=Datacenter,OU=Distribution Lists,DC=microsoft,DC=com"

 

[Satal Keto]

I have to admit I've never heard of dsmod before, but from the looks of it assuming you get the OU, DC and CN right, then by replacing the username as appropriate should deal with deleting the users.
Sorry I haven't been able to help more

 

[chris1979]

thats ok.........but can this be used for mass deletion also...pls let me know

 

[Satal Keto]

Going by the documentation I can't see a way of doing mass amounts in one go.
From the looks of it, the program is a command line utility so you could create a batch script which just runs through the lines of it.

To create the lines for the batch script I would personally try using say Excel put all the text before the username before the username column and all the text after the username after the username column, then copy the text down. Once you've got that then copy all the rows of data paste it into notepad then replace all the large spaces (I think they come up as a tab when pasted) with a single space, then save that file as a batch file then you can run it (although as suggested you should test it out with a couple first just to make sure its going to work the way you want it to).