SURE <G>
Code:
$LogFileName = "%UserProfile%\NetworkDomainUsersMembership" + @MONTHNO + @MDayNo + @Year + ".log"
$ComputerList = <machine array>
For Each $Computer in $ComputerList
If (UserInLocalGroup($Computer, "Users" , "Domain Users") = 'True')
RemoveUserFromGroup($computer, "Users", "Corp\Domain Users")
EndIf
Next
Function UserInLocalGroup($ComputerName, $Group, $User)
$GroupObj = GetObject("WinNT://" + $ComputerName + "/" + $Group)
$FlagFound = 'False';
For Each $UserObjG IN $GroupObj.Members
If $UserObjG.Name = $User
$FlagFound = 'True'
EndIf
Next
$UserInLocalGroup = $FlagFound
EndFunction
Function WriteLog ($LogFile, $LogString)
If Open(1, $LogFile, 5) = 0
$LogString = "@MONTHNO.@MDayNo.@Year @TIME " + $LogString + @CRLF
$result = WriteLine (1, $LogString)
Close(1)
Else
BEEP
? "Failed to open Log file(Error[" + @Error + "]) "
EndIf
EndFunction
Function RemoveUserFromGroup($Computer, $Group, $User)
; Log the fact this machine has the group in its list and then remove it from the list
WriteLog($LogFileName, "$Computer contains " + Chr(34) + $User + Chr(34) + " in " + chr(34) + $Group + Chr(34))
$ShellStr = "C:\grpmaint.exe --Sam \\" + $Computer + " --remove --name $Group --member " + Chr(34) + "$User" + Chr(34) + " --logfile " + Chr(34) + "$LogFileName" + Chr(34)
Shell $ShellStr
EndFunction
I am sure I will be back for more on this, as this script will be much more powerful by the time it is done. I am hoping to have a 'control' file that will tell the script what to do on what machine. (ie machine = *, group = 'Domain*', user = 'corp\Domain Users' Action = Delete)
This is still VERY MUCH in baby stages.
