Membership...

TheMSsForum.com: The Microsoft Software Forum

Please help.
I would like to remove DOMAIN account from a LOCAL administrators group
REMOTELY using vb script. Can anybody either point me the way for more
reading material for the subject or present me with the vb script? The
following script can remove the member of the Administrators group if the
account is a LOCAL account to that computer. If the account is a DOMAIN
account, I got the error with message: 'A member could not be added or
removed from the local group because the member does not exist'.

Dim oDomain,oGroup,sDomain,sGroup,sUser
sDomain = "TheRemotePC" 'local host; member of the Active Directory
domain
sGroup = "Administrators"
sUser = "JDow" 'a domain account; not an account to the local pc
Set oDomain = GetObject("WinNT://" & sDomain)
Set oGroup = oDomain.GetObject("Group", sGroup)
oGroup.Remove("WinNT://" & sDomain & "/" & sUser)
Top

Re: Membership... by Torgeir

Torgeir
Fri Jul 22 14:08:58 CDT 2005

Fan Fan wrote:

> Please help.
> I would like to remove DOMAIN account from a LOCAL administrators group
> REMOTELY using vb script. Can anybody either point me the way for more
> reading material for the subject or present me with the vb script? The
> following script can remove the member of the Administrators group if the
> account is a LOCAL account to that computer. If the account is a DOMAIN
> account, I got the error with message: 'A member could not be added or
> removed from the local group because the member does not exist'.
>
> Dim oDomain,oGroup,sDomain,sGroup,sUser
> sDomain = "TheRemotePC" 'local host; member of the Active Directory
> domain
> sGroup = "Administrators"
> sUser = "JDow" 'a domain account; not an account to the local pc
> Set oDomain = GetObject("WinNT://" & sDomain)
> Set oGroup = oDomain.GetObject("Group", sGroup)
> oGroup.Remove("WinNT://" & sDomain & "/" & sUser)
>
Hi,

You need to include the domain the user is member of in the ADsPath
you feed to the Remove method.

This works for me:

'--------------------8<----------------------
Option Explicit

Dim sComputer, sUserDomain, sGroup, sUser, oGroup

sComputer = "TheRemotePC" ' local host; member of the Active Directory domain
sUserDomain = "mydomain" ' the domain the user is member of
sGroup = "Administrators"
sUser = "JDow" ' a domain account; not an account to the local pc

Set oGroup = GetObject("WinNT://" & sComputer & "/" & sGroup & ",group")
oGroup.Remove("WinNT://" & sUserDomain & "/" & sUser)

'--------------------8<----------------------



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Top

Re: Membership... by Fan

Fan
Fri Jul 22 15:56:28 CDT 2005

Hi, Torgeir,

It works great. Thank you so much for the help.

Fan

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:%23UOH9GvjFHA.576@tk2msftngp13.phx.gbl...
> Fan Fan wrote:
>
>> Please help.
>> I would like to remove DOMAIN account from a LOCAL administrators group
>> REMOTELY using vb script. Can anybody either point me the way for more
>> reading material for the subject or present me with the vb script? The
>> following script can remove the member of the Administrators group if the
>> account is a LOCAL account to that computer. If the account is a DOMAIN
>> account, I got the error with message: 'A member could not be added or
>> removed from the local group because the member does not exist'.
>>
>> Dim oDomain,oGroup,sDomain,sGroup,sUser
>> sDomain = "TheRemotePC" 'local host; member of the Active Directory
>> domain
>> sGroup = "Administrators"
>> sUser = "JDow" 'a domain account; not an account to the local pc
>> Set oDomain = GetObject("WinNT://" & sDomain)
>> Set oGroup = oDomain.GetObject("Group", sGroup)
>> oGroup.Remove("WinNT://" & sDomain & "/" & sUser)
>>
> Hi,
>
> You need to include the domain the user is member of in the ADsPath
> you feed to the Remove method.
>
> This works for me:
>
> '--------------------8<----------------------
> Option Explicit
>
> Dim sComputer, sUserDomain, sGroup, sUser, oGroup
>
> sComputer = "TheRemotePC" ' local host; member of the Active Directory
> domain
> sUserDomain = "mydomain" ' the domain the user is member of
> sGroup = "Administrators"
> sUser = "JDow" ' a domain account; not an account to the local
> pc
>
> Set oGroup = GetObject("WinNT://" & sComputer & "/" & sGroup & ",group")
> oGroup.Remove("WinNT://" & sUserDomain & "/" & sUser)
>
> '--------------------8<----------------------
>
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx


Top

Re: Membership... by Fan

Fan
Fri Jul 22 17:15:21 CDT 2005

Hi, Torgeir,

Thanks again for the solution for my previous posting.

As I work along, I am facing another problem. That is, the local
Administrators group in some computers contrain members with deleted domain
account (or it maybe from another domain we scrapped) such as this:
S-1-5-21-745281606-593586046-1819828000-500. What is "mydomain" suposed to
be since the account is unknown or no longer exist? I have about 500 pc to
work with. Please help again.

Fan


"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:%23UOH9GvjFHA.576@tk2msftngp13.phx.gbl...
> Fan Fan wrote:
>
>> Please help.
>> I would like to remove DOMAIN account from a LOCAL administrators group
>> REMOTELY using vb script. Can anybody either point me the way for more
>> reading material for the subject or present me with the vb script? The
>> following script can remove the member of the Administrators group if the
>> account is a LOCAL account to that computer. If the account is a DOMAIN
>> account, I got the error with message: 'A member could not be added or
>> removed from the local group because the member does not exist'.
>>
>> Dim oDomain,oGroup,sDomain,sGroup,sUser
>> sDomain = "TheRemotePC" 'local host; member of the Active Directory
>> domain
>> sGroup = "Administrators"
>> sUser = "JDow" 'a domain account; not an account to the local pc
>> Set oDomain = GetObject("WinNT://" & sDomain)
>> Set oGroup = oDomain.GetObject("Group", sGroup)
>> oGroup.Remove("WinNT://" & sDomain & "/" & sUser)
>>
> Hi,
>
> You need to include the domain the user is member of in the ADsPath
> you feed to the Remove method.
>
> This works for me:
>
> '--------------------8<----------------------
> Option Explicit
>
> Dim sComputer, sUserDomain, sGroup, sUser, oGroup
>
> sComputer = "TheRemotePC" ' local host; member of the Active Directory
> domain
> sUserDomain = "mydomain" ' the domain the user is member of
> sGroup = "Administrators"
> sUser = "JDow" ' a domain account; not an account to the local
> pc
>
> Set oGroup = GetObject("WinNT://" & sComputer & "/" & sGroup & ",group")
> oGroup.Remove("WinNT://" & sUserDomain & "/" & sUser)
>
> '--------------------8<----------------------
>
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx


Top