Take Ownership of Folder

So I am trying to write a script, to do the following:

1. delete a user from Active Directory
2. delete their home folder on the server (using a UNC path)
3. delete the users mailbox

I have a script written to delete the user from Active Directory and I also
know how to delete a folder from a server using the File System object.

My problem is, I do not have permissions to delete the folder. When we, as
administrators go to manually delete folder, we must take ownership first,
and then we can delete it. So how in asp or vbscript, can I take ownership of
a folder? Once I have ownership, I can delete the folders.

Any help would be appreciated.

Thanks
Steve

Jerold
Mon Sep 18 10:59:12 CDT 2006

On Mon, 18 Sep 2006 06:59:02 -0700, swwalsh <swwalsh@discussions.microsoft.com> wrote:

>So I am trying to write a script, to do the following:
>
>1. delete a user from Active Directory
>2. delete their home folder on the server (using a UNC path)
>3. delete the users mailbox
>
>I have a script written to delete the user from Active Directory and I also
>know how to delete a folder from a server using the File System object.
>
>My problem is, I do not have permissions to delete the folder. When we, as
>administrators go to manually delete folder, we must take ownership first,
>and then we can delete it. So how in asp or vbscript, can I take ownership of
>a folder? Once I have ownership, I can delete the folders.
>
>Any help would be appreciated.
>
>Thanks
>Steve
set owner with SubInAcl, tip 8530 » Corrected version of SubInAcl
in the 'Tips & Tricks' at http://www.jsifaq.com

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com

swwalsh
Mon Sep 18 13:06:02 CDT 2006

This is using a command line tool. I want ot do this in vbscript... This is
how I would set permissions on a folder... I need to know how to take
ownership ssomething liek the following.

strHomeDirectory = "\\server\foldername\"

'set permissions on student folder on curly
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const DELETE_CHILD = &H40
ALL_ACCESS = &HF0000 Or &H100000 Or &H1FF
Const CONTAINER_INHERIT_ACE = &H2
Const OBJECT_INHERIT_ACE = &H1
Const ADS_RIGHT_GENERIC_READ = &H80000000
Const ADS_ACETYPE_ACCESS_ALLOWED = 0

dim replace
Dim sTrustees(2, 1)
replace = true

sTrustees(0,0)="Administrators"
sTrustees(0,1)="Full Control"
sTrustees(1,0)="Server Operators"
sTrustees(1,1)="Full Control"
sTrustees(2,0)="DOMAIN\username"
sTrustees(2,1)="Full Control"

setpermissions strHomeDirectory, sTrustees,replace

'********************************************************************
'*
'* Function SetPermissions(ByVal folder, byval sTrustees, byval replace)
'*
'* Purpose: Sets permissions on folder
'* Input: folder folder to set permissions on
'* sTrustees user to give permissions too
'* replace inherit or not
'*
'* Output: folder permissions will be changed to listed permissions
'*
'********************************************************************

Sub SetPermissions(ByVal folder, byval sTrustees, byval replace)

Set sec = CreateObject("ADsSecurity")
Set sd = sec.GetSecurityDescriptor("FILE://" & folder)
Set dacl = sd.DiscretionaryAcl

If replace Then
For Each newAce In dacl
dacl.RemoveAce newAce
Next
End If

For i = 0 To UBound(sTrustees)

Set ace = CreateObject("AccessControlEntry")
ace.Trustee = sTrustees(i, 0)
Select Case sTrustees(i, 1)
Case "Full Control"
ace.AccessMask = ALL_ACCESS
Case "Modify"
ace.AccessMask = ALL_ACCESS And Not (WRITE_DAC Or WRITE_OWNER Or
DELETE_CHILD)
Case "Read"
ace.AccessMask = ADS_RIGHT_GENERIC_READ
End Select

ace.AceFlags = CONTAINER_INHERIT_ACE Or OBJECT_INHERIT_ACE
ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
dacl.AddAce ace

Next

sec.SetSecurityDescriptor sd

End Sub