Main Menu

Home
Knowledgebase
RSS Feeds
Links
Downloads
Search

LNA Blogs

Cheyenne Harden's Blog
LazyNetworkAdmin Blog

Sponsored Links

Login Form






Lost Password?

Syndicate

Home arrow RSS Feeds
List Disabled Accounts In Active Directory PDF Print E-mail
User Rating: / 0
PoorBest 
Written by Cheyenne Harden   
Searching through Active Directroy for disabled accounts can be tedious.
This is why I created a script to shorten this process.
It will search through an OU and write all disabled accounts to a file.

----------COPY EVERYTHING BELOW THIS LINE----------


'Created July 21 2006 By Chey Harden


Const ADS_UF_ACCOUNTDISABLE = 2
Const OPEN_FILE_FOR_WRITING = 2
strFile = "disabled.txt"
strWritePath = "\\SERVER\files\Scripts\" & strFile
strDirectory = "\\SERVER\files\Scripts\"

'#########
Set objFSO1 = CreateObject("Scripting.FileSystemObject")

If objFSO1.FileExists("\\SERVER\files\Scripts\" & strFile) Then
    Set objFolder = objFSO1.GetFile("\\SERVER\files\Scripts\" & strFile)

Else
    Set objFile = objFSO1.CreateTextFile(strDirectory & strFile)
    'Wscript.Echo "Just created " & objFolder & "\" & strFile
    objFile = ""

End If
'#########
Set fso = CreateObject("Scripting.FileSystemObject")
Set textFile = fso.OpenTextFile(strWritePath, OPEN_FILE_FOR_WRITING)

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = "<GC://dc=MY_DOMAIN,dc=com>;(objectCategory=User)" & _
";userAccountControl,distinguishedName;subtree"
'Put AD info Here, should be dc=DOMAIN, dc="com" or "org", or "local"
Set objRecordSet = objCommand.Execute

intCounter = 0
While Not objRecordset.EOF
intUAC=objRecordset.Fields("userAccountControl")
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
'WScript.echo objRecordset.Fields("distinguishedName") & " is disabled"
textFile.WriteLine(objRecordset.Fields("distinguishedName"))
intCounter = intCounter + 1
End If
objRecordset.MoveNext
Wend

WScript.Echo VbCrLf & "A total of " & intCounter & " accounts are disabled."


objConnection.Close

WScript.Echo "Done..."
WScript.Quit

----------COPY EVERYTHING ABOVE THIS LINE----------


PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR NOTEPAD!!!


*Make sure you replace all instances of \\SERVER\files\Scripts\ with your UNC Server path that you want to log to.
*Make sure that you have write ability to the file path.

*Make sure you also change <GC://dc=MY_DOMAIN,dc=com> with your domain information.
Example: Domain.local would mean <GC://dc=Domain,dc=local>


This information is provided "AS IS" with no warranties expressed or implied.

Comments
Add New
Write comment
Name:
Email:
 
Title:
 
:angry::0:confused::cheer:B):evil::silly::dry::lol::kiss::D:pinch:
:(:shock::X:side::):P:unsure::woohoo::huh::whistle:;):s
:!::?::idea::arrow:
 
Please input the anti-spam code that you can read in the image.

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."
 
Tag it:
Delicious
Furl it!
Spurl
digg
YahooMyWeb
!
< Prev   Next >
[ Back ]
 

Google Search

Google

Latest News

Popular