Deleting Specified Computer Accounts

Microsoft® Windows® 2000 Scripting Guide

If all you need to do is delete a single computer account, it is probably faster and easier to delete it by using Active Directory Users and Computers. Creating a script to delete a single computer account is probably more trouble than it is worth; scripts are far more useful when they are used to delete multiple computer accounts based on specified criteria.

For example, your organization might have made the decision to require all computers to use the Windows 2000 operating system. To help ensure compliance with this new requirement, you might give departments a specific period of time in which to complete the upgrade. At the end of that time period, you might then delete the accounts for any computer not running Windows 2000. Deleting these accounts will help prevent users from using an unauthorized operating system to gain access to network resources.

You can delete specified computer accounts by writing a script that:

  1. Searches Active Directory for all computer accounts meeting specified criteria. For example, you can search for all computers running Windows 2000 or Windows NT 4.0.
  2. Returns a recordset consisting of all the computer accounts meeting the criteria.
  3. Binds to and deletes each account in the recordset individually.

Scripting Steps

Listing 9.4 contains a script that deletes specified computer accounts from Active Directory. To carry out this task, the script must perform the following steps:

  1. Create a constant named ADS_SCOPE_SUBTREE and set the value to 2.

    This constant is used to specify a search that begins in the Active Directory root and then proceeds to search all the child containers as well.

  2. Create an instance of the Active Directory connection object (ADODB.Connection).
  3. Create an instance of the Active Directory command object (ADODB.Command).

    The command object allows you to issue queries and other database commands through the Active Directory connection.

  4. Set the Provider property of the connection object to the Active Directory provider (ADsDSOObject), the OLE database provider for ADSI.
  5. Set the active connection to the Active Directory connection.
  6. Set the command text for the Active Directory command object to the Structured Query Language (SQL) query that retrieves the specified computer accounts from fabrikam.com.

    In this script, the SQL query is "SELECT distinguishedName, operatingSystemVersion FROM 'LDAP://DC=fabrikam,DC=com' WHERE objectClass='computer' AND operatingSystemVersion = '4.0'".

  7. Specify values for page size, time-out, search scope, and caching.

    Although this step is optional, it can improve the performance of your script in a domain with thousands of computers.

  8. Execute the SQL query.

    This query returns a recordset consisting of all the computer accounts for all computers currently running the Windows NT 4.0 operating system.

  9. When the set of computers is returned, use the MoveFirst method to move to the first computer in the recordset.
  10. For each computer in the recordset, set the value of the variable strComputer to the distinguished name for the computer account.
  11. Use a second GetObject call to bind to the computer account. You must individually bind to each account because items in an ActiveX Data Object (ADO) recordset are read-only.
  12. After binding to the individual computer account, use the DeleteObject method to delete the account from Active Directory.

Listing 9.4   Deleting Specified Computer Accounts

```vbscript
Const ADS_SCOPE_SUBTREE = 2

' Connect to Active Directory through the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Select every computer account that reports operating system version 4.0.
objCommand.CommandText = _
    "SELECT distinguishedName, operatingSystemVersion FROM " _
        & "'LDAP://DC=fabrikam,DC=com' WHERE objectClass='computer' " _
            & "AND operatingSystemVersion = '4.0'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute

' MoveFirst raises an error on an empty recordset, so check EOF first.
If Not objRecordSet.EOF Then objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    ' Recordset rows are read-only: bind to each account, then delete it.
    strComputer = objRecordSet.Fields("distinguishedName").Value
    Set objComputer = GetObject("LDAP://" & strComputer & "")
    objComputer.DeleteObject (0)
    objRecordSet.MoveNext
Loop
```
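A report-first variant of Listing 9.4, added here as an example and not part of the original guide: it lists the matching accounts and deletes them only when run with a /delete switch, and it stops deleting after a fixed number of accounts. The /delete switch and the MAX_DELETIONS cap are assumptions introduced for illustration.

```vbscript
' Added example: report-first variant of the deletion script.
' Run with cscript; pass /delete to actually remove the accounts.
Option Explicit
Const ADS_SCOPE_SUBTREE = 2
Const MAX_DELETIONS = 50   ' Assumed safety cap; adjust for your domain.

Dim objConnection, objCommand, objRecordSet, objComputer
Dim blnDelete, intCount, strDN

' Hypothetical /delete switch: without it the script only lists matches.
blnDelete = WScript.Arguments.Named.Exists("delete")

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "SELECT distinguishedName, operatingSystemVersion FROM " _
        & "'LDAP://DC=fabrikam,DC=com' WHERE objectClass='computer' " _
            & "AND operatingSystemVersion = '4.0'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute

intCount = 0
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName").Value
    intCount = intCount + 1
    If Not blnDelete Then
        ' Dry run: show what would be removed, change nothing.
        WScript.Echo "MATCH  " & strDN
    ElseIf intCount > MAX_DELETIONS Then
        ' A match count above the cap suggests the query is too broad.
        WScript.Echo "SKIPPED (cap reached)  " & strDN
    Else
        Set objComputer = GetObject("LDAP://" & strDN)
        objComputer.DeleteObject (0)
        WScript.Echo "DELETED  " & strDN
    End If
    objRecordSet.MoveNext
Loop
WScript.Echo intCount & " matching account(s); delete mode: " & blnDelete
```

Redirecting the dry-run output to a file gives a record of exactly which distinguished names the later /delete run is expected to remove.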


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Year: 2004
Pages: 635