I have all my older ZENworks objects separate into an OU in eDirectory. I'd like to remove all the associations to those objects (as in, they're assigned to users, ou's, etc.) in mass. I'd imagine I could do this with LDIF, but don't have much experience doing so. Suggestions for mass changes?
Thanks, Tom
This is an area where scripting would do nicely. The thing to remember is that there are usually two associations -- one on the Zen object, and one on the object it is associated with (similar to the way that groups have a list of their members and users have a list of their groups as attributes). So, your script will want to look at each Zenworks object, grab the list of its associations, iterate through each association and delete the attribute pointing to the Zen object before deleting the member value on the zen object itself.
The LDAP libraries for PHP and Perl can be deployed quickly (I have used them for similar operations). Novell makes good and free standard LDAP libraries for C and C# as well (which I have not used). I have used Microsoft's DirectoryService libraries in .NET (using the DirectoryEntry object), for this sort of thing but they don't use SSL in LDAP so you would only use them in very secure situations (i.e. run the script from a machine on the same network switch as the server).
An example of scripting LDAP changes using the .NET libraries (via me) can be found here: http://www.novell.com/communities/node/11770/edirectory-radiazer-managing-edirectory-users-and-radius-profiles