O'Reilly Hacks
oreilly.comO'Reilly NetworkSafari BookshelfConferences Sign In/My Account | View Cart   
Book List Learning Lab PDFs O'Reilly Gear Newsletters Press Room Jobs  

 
Search
Hacks Site
• List of Titles
• Got a Hack?
• Suggestion Box
Resource Centers
Bioinformatics
C/C++
Databases
Digital Media
Enterprise Development
Game Development
Java
Linux/Unix
Macintosh/OS X
.NET
Open Source
Oracle
Perl
Python
Scripting
Security
Software Development
SysAdmin/Networking
Web
Web Services
Windows
Wireless
XML
Book Series
Annoyances
CD Bookshelves
Cookbooks
Developer's Notebooks
Hacks
Head First
In A Nutshell
Missing Manuals
Pocket References
Personal Trainer
Technology & Society
Publishing Partners
Mandriva
No Starch Press
Paraglyph Press
PC Publishing
Pragmatic Bookshelf
SitePoint
Syngress Publishing
Online Publications
LinuxDevCenter.com
MacDevCenter.com
ONJava.com
ONLamp.com
OpenP2P.com
Perl.com
WebServices.XML.com
WindowsDevCenter.com
XML.com
Special Interest
Beta Chapters
Events
From the Editors List
Letters
MAKE
Open Books
tim.oreilly.com
Special Sales
Academic
Corporate Services
Government
Inside O'Reilly
About O'Reilly
Bookstores
Contact Us
International
Register Your Book
User Groups
Writing for O'Reilly

 
Buy the book!
Windows Server Hacks
By Mitch Tulloch
March 2004
More Info

HACK
#27
Get a List of Disabled Accounts
Here's a fast way to determine any disabled user accounts in your Active Directory forest
The Code
[Discuss (0) | Link to this hack]

The Code

Simply type the script into Notepad (with Word Wrap turned off) and save it with a .vbsextension as DisabledAccounts.vbs:

Const ADS_UF_ACCOUNTDISABLE = 2

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"<GC://dc=rootdomain,dc=com>;(objectCategory=User)" & _
";userAccountControl,distinguishedName;subtree" 
Set objRecordSet = objCommand.Execute

intCounter = 0
While Not objRecordset.EOF
intUAC=objRecordset.Fields("userAccountControl")
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
WScript.echo objRecordset.Fields("distinguishedName") & " is disabled"
intCounter = intCounter + 1
End If
objRecordset.MoveNext
Wend

WScript.Echo VbCrLf & "A total of " & intCounter & " accounts are disabled."

objConnection.Close

Make sure you have the latest scripting engines on the workstation you run this script from. You can download the latest scripting engines from the Microsoft Scripting home page (http://msdn.microsoft.com/library/default.asp?url=/nhp/Default.asp?contentid=28001169). Also, when working with the Active Directory Services Interface (ADSI), you must have the same applicable rights you need to use the built-in administrative tools.

O'Reilly Home | Privacy Policy

© 2007 O'Reilly Media, Inc.
Website: | Customer Service: | Book issues:

All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.