Thursday, November 27, 2008

Locating All the Disabled User Accounts in Active Directory

Returns a list of all disabled user accounts in the fabrikam.com domain.

Const ADS_UF_ACCOUNTDISABLE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "<GC://dc=fabrikam,dc=com>;(objectCategory=User)" & _
        ";userAccountControl,distinguishedName;subtree"  
Set objRecordSet = objCommand.Execute
 
intCounter = 0
While Not objRecordset.EOF
    intUAC=objRecordset.Fields("userAccountControl")
    If intUAC AND ADS_UF_ACCOUNTDISABLE Then
        WScript.echo objRecordset.Fields("distinguishedName") & " is disabled"
        intCounter = intCounter + 1
    End If
    objRecordset.MoveNext
Wend
 
WScript.Echo VbCrLf & "A total of " & intCounter & " accounts are disabled."
 
objConnection.Close

This is a VB Script, this can be used by saving the file in .vbs file
Labels: