Announcement

Collapse
No announcement yet.

Disable users in active directory

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Disable users in active directory

    I am playing around with a script to disable users in active directory after they have not logged in after a certain amount of days. I have not tested it yet because I dont want to screw up my active directory, but can someone take a look at this and see how it looks so far?

    Code:
    'grabs info from active directory
    Set fso = CreateObject("Scripting.FileSystemObject")
    set tf = fso.CreateTextFile("c:\AccountsDisabled.txt", True)
    Set objUser = GetObject _
        ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
    dtmValue = objUser.PasswordLastChanged
    
    
    'if then statement to disable account for not logging in 60 days
    if objUser.PasswordLastChanged = "60" then
    Const ADS_UF_ACCOUNTDISABLE = 2
     Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
    intUAC = objUser.Get("userAccountControl")
    objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
    objUser.SetInfo
    tf.writeline "Users: " & objUser.PasswordLastChanged
    i = i + 1
    else
    end if
    next
    
    
    msgbox "Users who have not logged in for more than 60 days have been disabled"
    EDIT: Changed to CODE tag by Tonyyeb for easy reading
    Last edited by tonyyeb; 20th July 2006, 21:48.

  • #2
    Re: Disable users in active directory

    i'm missing a view parts of the script.

    I see a next, but no for loop
    I see a counter, without any use of it.

    Please post you're complete script.

    Thank you


    ok,
    to help you further with you're script, why not looking at the last login time?

    http://www.microsoft.com/technet/scr...lastlogon.mspx
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Disable users in active directory

      Ok i'll take a look at it thanks.

      Comment


      • #4
        Re: Disable users in active directory

        Ok well I found another option to do this, its a great command line tool and anyone who is trying to do the same thing as me I would highly recommend this tool:

        http://www.joeware.net/win/free/tools/oldcmp.htm

        Comment

        Working...
        X