Questions

Windos 2003 Server - delete data from accounts not accounts themselves

+
0 Votes
Locked

Windos 2003 Server - delete data from accounts not accounts themselves

alpenny
I have a school as a client, who have created accounts in AD for each grade. All data generated through the year is stored therein. Now they want to clear the data, but retain the accounts, as re-creating them is time consuming. I can't access the folders, as access is denied. Anyway to delete the data, but retain the accounts?
  • +
    1 Votes
    OH Smeg

    To delete the data at the end of the school year.

    +
    0 Votes
    alpenny

    I have admin rights, but am denied access to the folders where the data is stored. I suppose I can edit the permissions on each folder to grant admin access, but I was hoping for a more eloquent solution.

    +
    1 Votes
    markp24

    you can take "ownership" of those folders and sub folder then delete them, this can also be scripted.

    +
    0 Votes
    seanferd

    Then delete the the necessary directory contents.

    You probably want to revert ownership afterward.

    +
    0 Votes
    mikeadams1137

    Are you familiar with VBS? You can write some scripts that can do virtually anything inside ADUC for you. If you're interested I can link you to some helpful websites. It's a great skill to have, it sounds like you are wanting to edit data contained in "OU's and Objects" located inside of ADUC? If you are wanting to edit hard data, ie: Roaming Profiles and Home Drives, then VBS script is you're best friend and it can be done systematically in roughly 30 seconds. My ADUC has around 3,000 users and if I were asked to wipe their H:\ Drives and Profiles, with only the option of "Take Ownership" available to me, I would probably hang myself or quit my job.

    +
    0 Votes
    alpenny

    Hi Mike, Thanks for the reply. I would be interested in those links and am willing to learn VB scripts.

    +
    0 Votes
    mikeadams1137

    @alpenny,

    No, worries. The website is located below and is safe for viewing.

    http://www.activxperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/

    Note: This is a link to another website not affiliated with Tech Republic. If you want to play it safe for your own mind of matter concerns, you can pound http://www.activxperts.com into Google.com and then navigate manually. The scripts above will allow you to easily manipulate AD&UC. Note, the scripts are just the hard code you will need to make the file .vbs, put simply... Create a text pad document, copy the script code into it, and change the file extension to .vbs Congrats on making your first VBS Script. :) If this is indeed your first.

    In order for the script to run correctly, you will have to run it from your server or a directory contained on you're server. IE: Running it from your roaming profile will not work, copy it to the C: Drive of your server and run it from there preferably the Domain Controller hosting your primary FSMO Roles.

    +
    0 Votes
    mikeadams1137

    @alpenny,

    Now...if you are wanting to manipulate data, ie: Home Drives, Profiles, etc...It's a bit more complicated. it's time to hop into the wonderful world of System Internals, Batch Files, and basic CL (Command Line).

    System Internals put simply can be downloaded from Microsoft.Com You will install it on your workstation. Essentially it let's you do things you would not be able to do in a conventionally. It's software designed to manipulate software administered by Microsoft to assist all of us Administrators out here that are forced to work in dynamic environments, such as the one you are finding yourself in.

    1) Download and Install System Internals from www.microsoft.com
    2) Install on your local workstation (Check for IT management approval first)
    3) Where you install the System Internals is important. It will pretty much look like you just unzipped a BUNCH of random files. You need them all. I put mine into the convenient location of D:\System Internals D:\ being my chosen local drive. This location is important as you will have to call on some text files that contain data etc...and they need to be in the same directory that you installed System Internals in!
    3) I have listed some of the scripts I use to assist you.

    This script below essentially is run on the computer you have System Internals on.

    ___________Script Starts Below________

    @echo off
    set /p e="username?"
    d:
    psexec @iprange.txt -u ABCD\%e% "\\YOURCOMPUTERNAME\batch\wingadplremove.bat"
    pause
    _________Script Ends Here, Below Begins Explanation______

    @echo off <-- Turns off the echo of the command so it will run your code as such and not read it back to you as code. (Always have this in your batch files.)

    set /p e="username?" <-- Setting the e character to username argument...we'll call on this later.

    d: <--- Where I have system internals installed

    psexec @iprange.txt -u ABCD\%e% "\\YOURCOMPUTERNAME\batch\wingadplremove.bat"

    psexec <--- Name of specific System Internal tools I am using. (Runs scripts remotely and silently)
    @iprange.txt <--- contains a list of all the IP addresses on my network, you could put all your computer names in a text file and call it mycomputers.txt if that's what you're wanting to do.
    -u <-- Will prompt for username
    ABCD\%e% <--- ABCD = Domain Name (Don't need the .com)\%e% <---(If your scroll up earlier we set the argument e=username, this is where that E comes into play, we are pretty much saying here...Prompt me for my user name and then a password. so..let's say my domain is ABCD, ABCD\%e% The ABCD is saying use an account on my domain (ABCD), \%e% will prompt me for an account on that domain, I would use my administrator account and then enter my password.

    "\\YOURCOMPUTERNAME\batch\wingadplremove.bat"<-- Location where the batch file is stored that I want to run remotely, my batch file is named wingadplremove.bat contained inside of the \batch\ directory which is on my computer.

    pause <-- Keeps the window open so you can see it that it ran, without this, it will just appear and disappear real fast.

    This is your master script essentially you will use with System Internals, make it once, make it work, enjoy life.

    _________Script that is deleting stuff starts below_________

    @Echo Off
    cls
    c:
    cd %PROGRAMFILES%
    rmdir /s /q WINGDAPL

    _________End Script That Deletes Stuff #Begin explanation________

    @Echo Off<-- same as earlier

    cls <-- clear the screen

    c: <-- drive containing the directory I am deleting

    cd %PROGRAMFILES% <--- cd = change directory, %PROGRAMFILES% = where the folder is stored in "Program Files" for instance.

    rmdir /s /q WINGDAPL <--- rmdir (remove directory) /s = do it silently /q = force run :) and finally folder name WINGDAPL

    Hope this helps and provides some insight, any questions ask, deployed for a bit longer and really bored. Going to sleep. Good Luck.

  • +
    1 Votes
    OH Smeg

    To delete the data at the end of the school year.

    +
    0 Votes
    alpenny

    I have admin rights, but am denied access to the folders where the data is stored. I suppose I can edit the permissions on each folder to grant admin access, but I was hoping for a more eloquent solution.

    +
    1 Votes
    markp24

    you can take "ownership" of those folders and sub folder then delete them, this can also be scripted.

    +
    0 Votes
    seanferd

    Then delete the the necessary directory contents.

    You probably want to revert ownership afterward.

    +
    0 Votes
    mikeadams1137

    Are you familiar with VBS? You can write some scripts that can do virtually anything inside ADUC for you. If you're interested I can link you to some helpful websites. It's a great skill to have, it sounds like you are wanting to edit data contained in "OU's and Objects" located inside of ADUC? If you are wanting to edit hard data, ie: Roaming Profiles and Home Drives, then VBS script is you're best friend and it can be done systematically in roughly 30 seconds. My ADUC has around 3,000 users and if I were asked to wipe their H:\ Drives and Profiles, with only the option of "Take Ownership" available to me, I would probably hang myself or quit my job.

    +
    0 Votes
    alpenny

    Hi Mike, Thanks for the reply. I would be interested in those links and am willing to learn VB scripts.

    +
    0 Votes
    mikeadams1137

    @alpenny,

    No, worries. The website is located below and is safe for viewing.

    http://www.activxperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/

    Note: This is a link to another website not affiliated with Tech Republic. If you want to play it safe for your own mind of matter concerns, you can pound http://www.activxperts.com into Google.com and then navigate manually. The scripts above will allow you to easily manipulate AD&UC. Note, the scripts are just the hard code you will need to make the file .vbs, put simply... Create a text pad document, copy the script code into it, and change the file extension to .vbs Congrats on making your first VBS Script. :) If this is indeed your first.

    In order for the script to run correctly, you will have to run it from your server or a directory contained on you're server. IE: Running it from your roaming profile will not work, copy it to the C: Drive of your server and run it from there preferably the Domain Controller hosting your primary FSMO Roles.

    +
    0 Votes
    mikeadams1137

    @alpenny,

    Now...if you are wanting to manipulate data, ie: Home Drives, Profiles, etc...It's a bit more complicated. it's time to hop into the wonderful world of System Internals, Batch Files, and basic CL (Command Line).

    System Internals put simply can be downloaded from Microsoft.Com You will install it on your workstation. Essentially it let's you do things you would not be able to do in a conventionally. It's software designed to manipulate software administered by Microsoft to assist all of us Administrators out here that are forced to work in dynamic environments, such as the one you are finding yourself in.

    1) Download and Install System Internals from www.microsoft.com
    2) Install on your local workstation (Check for IT management approval first)
    3) Where you install the System Internals is important. It will pretty much look like you just unzipped a BUNCH of random files. You need them all. I put mine into the convenient location of D:\System Internals D:\ being my chosen local drive. This location is important as you will have to call on some text files that contain data etc...and they need to be in the same directory that you installed System Internals in!
    3) I have listed some of the scripts I use to assist you.

    This script below essentially is run on the computer you have System Internals on.

    ___________Script Starts Below________

    @echo off
    set /p e="username?"
    d:
    psexec @iprange.txt -u ABCD\%e% "\\YOURCOMPUTERNAME\batch\wingadplremove.bat"
    pause
    _________Script Ends Here, Below Begins Explanation______

    @echo off <-- Turns off the echo of the command so it will run your code as such and not read it back to you as code. (Always have this in your batch files.)

    set /p e="username?" <-- Setting the e character to username argument...we'll call on this later.

    d: <--- Where I have system internals installed

    psexec @iprange.txt -u ABCD\%e% "\\YOURCOMPUTERNAME\batch\wingadplremove.bat"

    psexec <--- Name of specific System Internal tools I am using. (Runs scripts remotely and silently)
    @iprange.txt <--- contains a list of all the IP addresses on my network, you could put all your computer names in a text file and call it mycomputers.txt if that's what you're wanting to do.
    -u <-- Will prompt for username
    ABCD\%e% <--- ABCD = Domain Name (Don't need the .com)\%e% <---(If your scroll up earlier we set the argument e=username, this is where that E comes into play, we are pretty much saying here...Prompt me for my user name and then a password. so..let's say my domain is ABCD, ABCD\%e% The ABCD is saying use an account on my domain (ABCD), \%e% will prompt me for an account on that domain, I would use my administrator account and then enter my password.

    "\\YOURCOMPUTERNAME\batch\wingadplremove.bat"<-- Location where the batch file is stored that I want to run remotely, my batch file is named wingadplremove.bat contained inside of the \batch\ directory which is on my computer.

    pause <-- Keeps the window open so you can see it that it ran, without this, it will just appear and disappear real fast.

    This is your master script essentially you will use with System Internals, make it once, make it work, enjoy life.

    _________Script that is deleting stuff starts below_________

    @Echo Off
    cls
    c:
    cd %PROGRAMFILES%
    rmdir /s /q WINGDAPL

    _________End Script That Deletes Stuff #Begin explanation________

    @Echo Off<-- same as earlier

    cls <-- clear the screen

    c: <-- drive containing the directory I am deleting

    cd %PROGRAMFILES% <--- cd = change directory, %PROGRAMFILES% = where the folder is stored in "Program Files" for instance.

    rmdir /s /q WINGDAPL <--- rmdir (remove directory) /s = do it silently /q = force run :) and finally folder name WINGDAPL

    Hope this helps and provides some insight, any questions ask, deployed for a bit longer and really bored. Going to sleep. Good Luck.