Sunday, January 10, 2010

List disabled users in a domain

To list disabled users in a domain enter this script. Just modify the LDAP string,
.

Const ADS_UF_ACCOUNTDISABLE = 2
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
";(objectCategory=User)" & _
";userAccountControl,distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
intCounter = 0
Do Until objRecordset.EOF
intUAC=objRecordset.Fields("userAccountControl")
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
'WScript.echo objRecordset.Fields("distinguishedName") & " is disabled"
intCounter = intCounter + 1
End If
objRecordset.MoveNext
Loop
WScript.Echo VbCrLf & "A total of " & intCounter & " accounts are disabled."
objConnection.Close

No comments:

Post a Comment