Clear all Active Directory users’ manager attribute

The VBScript below clears the manager attribute on every user account in the current Active Directory domain. See the POC video.

[sourcecode language="vb"]
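' Clears the "manager" attribute on user objects in the current
' Active Directory domain (the defaultNamingContext reported by RootDSE).
'
' This is a bulk, domain-wide write. Two optional switches make the change
' reviewable and reversible:
'   /whatif      list the matching users without writing anything
'   /log:<path>  write "distinguishedName<TAB>previous manager" for every
'                matching user, so the old values can be restored later.
'                The file must not already exist (an earlier log is never
'                overwritten).
' Example: cscript //nologo <script>.vbs /whatif /log:<path-to-new-log-file>
Option Explicit

' ADSI PutEx control code that removes every value of an attribute.
' It has to be declared here: under Option Explicit an undeclared name is a
' run-time error, and the constant is not predefined in VBScript.
Const ADS_PROPERTY_CLEAR = 1

Dim adoCommand
Dim adoConnection
Dim objRootDSE
Dim strDNSDomain
Dim strBase
Dim strFilter
Dim strAttributes
Dim strQuery
Dim adoRecordset
Dim strDN
Dim strManager
Dim objUser
Dim objLog
Dim blnWhatIf
Dim lngFound
Dim lngCleared
Dim lngFailed

lngFound = 0
lngCleared = 0
lngFailed = 0

' Optional switches (see header).
blnWhatIf = WScript.Arguments.Named.Exists("whatif")
Set objLog = Nothing
If WScript.Arguments.Named.Exists("log") Then
    ' Overwrite = False keeps an earlier rollback log intact;
    ' Unicode = True preserves non-ASCII characters in distinguished names.
    Set objLog = CreateObject("Scripting.FileSystemObject") _
        .CreateTextFile(WScript.Arguments.Named("log"), False, True)
End If

' Set up the ADO objects used to query the directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search the entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter for user objects that currently have a manager value, so accounts
' with nothing to clear are not modified.
strFilter = "(&(objectCategory=person)(objectClass=user)(manager=*))"

' Comma-delimited list of attribute values to retrieve. The current manager
' is retrieved as well so it can be recorded before it is removed.
strAttributes = "distinguishedName,manager"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF

    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    strManager = adoRecordset.Fields("manager").Value
    lngFound = lngFound + 1

    ' Record the previous value before touching the object.
    If Not (objLog Is Nothing) Then
        objLog.WriteLine strDN & vbTab & strManager
    End If

    If Not blnWhatIf Then
        ' Handle errors per object: a single failure (for example access
        ' denied on a protected account) should be counted and reported
        ' rather than aborting the run part-way through the domain.
        On Error Resume Next
        Err.Clear

        ' Bind to the user object. A forward slash inside a distinguished
        ' name must be escaped in an ADsPath.
        Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))

        ' Clear the manager attribute.
        If Err.Number = 0 Then
            objUser.PutEx ADS_PROPERTY_CLEAR, "manager", 0
        End If

        ' Save change to AD.
        If Err.Number = 0 Then
            objUser.SetInfo
        End If

        If Err.Number = 0 Then
            lngCleared = lngCleared + 1
        Else
            lngFailed = lngFailed + 1
            If Not (objLog Is Nothing) Then
                objLog.WriteLine "FAILED" & vbTab & strDN & vbTab & _
                    "0x" & Hex(Err.Number) & " " & Err.Description
            End If
            Err.Clear
        End If
        On Error GoTo 0
    End If

    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
If Not (objLog Is Nothing) Then
    objLog.Close
End If

' One summary line (suppressed by the script host in batch mode).
If blnWhatIf Then
    WScript.Echo "What-if: " & lngFound & " user(s) have a manager value; nothing was changed."
Else
    WScript.Echo "Users matched: " & lngFound & ", cleared: " & lngCleared & ", failed: " & lngFailed
End If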
