Disable accounts by the description field

Post by cthoma » Fri, 18 Jun 2004 02:57:03


I need a way to disable 300+ accounts in Active Directory according to
the description field. I have a text file with the names of the users
and their description. The description is their unique id number.
Here's what I came up with so far:


Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("c:\grads.txt", 1)
disabled = 0
notin = 0
Do until objFile.AtEndOfStream

Line = objFile.ReadLine
Id = Right(Line,7)

If inStr(Line, " ") Then
arrDHCPRecord = split(Line, " ")
DisplayName = arrDHCPRecord(0) + ", " + arrDHCPRecord(1)
UserName = arrDHCPRecord(0) + "\, " + arrDHCPRecord(1)
'WScript.Echo UserName, Id

'Finding account
Dim objConn, objRecordSet
Dim strDomain, strQuery
Set objConn = CreateObject("ADODB.Connection")
objConn.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConn

strQuery = "<LDAP://CN=Users,DC=mycompany,DC=com>;(&(objectClass=user)(description=" _
& ID & "));sn,givenName"

Set objRecordSet = objConn.Execute(strQuery)
While Not objRecordSet.EOF

If objRecordSet.Fields("sn") <> "" Then

'Disable Account
Set objUser = GetObject("LDAP://cn=" & UserName & _
",CN=Users,DC=mycompany,DC=com")

'Finding description field
desc = objUser.Description

'Matching description field with student ID

If Id = desc Then
disabled = disabled + 1
objUser.AccountDisabled = TRUE
WScript.Echo DisplayName, Id, "has been disabled."
End If

objUser.SetInfo
Set objUser = Nothing

Elseif objRecordSet.Fields("sn") = "" Then
notin = notin + 1
WScript.Echo UserName, Id, "did not have an account in AD."
End If
objRecordSet.MoveNext
Wend

End If
Loop
WScript.Echo "Number of accounts disabled: "& disabled &""
WScript.Echo "Not in Active Directory: "& notin &""
objFile.Close



This works until it comes to a person in my text file whose name
doesn't exactly match what's in Active Directory, like Christopher
Smith, Chris Smith. Is there a way to find accounts and disable them
by searching the description field?
 
 
 


Post by Richard Mu » Sat, 19 Jun 2004 01:32:46

Hi,

Unless I'm mistaken, your ADO query already returns the object that has the
specified employee number in the description field. Just add
distinguishedName to the list of attributes returned, so you can bind to the
correct object. Don't use the names in your file, which you find to not be
reliable. In brief:

strQuery = "<LDAP://CN=Users,DC=mycompany,DC=com>;" _
& "(&(objectClass=user)(description=" & ID & "));distinguishedName"

Set objRecordSet = objConn.Execute(strQuery)
While Not objRecordSet.EOF

'Disable Account
Set objUser = GetObject("LDAP://" _
& objRecordSet.Fields("distinguishedName"))

I hope this helps.

--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.yqcomputer.com/
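
The lookup described in the reply above, written out as an added example (not code from either poster): each ID is matched exactly against description, the account is bound by the returned distinguishedName, and nothing is changed unless exactly one account matches. DRY_RUN, DisableById and the 7-digit ID check are assumptions of this example; the file path and search base are the ones used in the thread.

```vbscript
Option Explicit
Const DRY_RUN = True   ' assumption: report only; set to False to change accounts
Const SEARCH_BASE = "<LDAP://CN=Users,DC=mycompany,DC=com>"   ' base used in the thread
Dim objConn, objFSO, objFile, objRE, strId
Set objRE = New RegExp
objRE.Pattern = "^[0-9]{7}$"   ' assumption: IDs are exactly 7 digits
Set objConn = CreateObject("ADODB.Connection")
objConn.Open "Provider=ADsDSOObject;"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("c:\grads.txt", 1)
Do Until objFile.AtEndOfStream
    strId = Right(Trim(objFile.ReadLine), 7)   ' same ID slice as the thread's scripts
    WScript.Echo strId & ": " & DisableById(strId)
Loop
objFile.Close

' Changes an account only when exactly one user has this exact description.
Function DisableById(strKey)
    Dim objRS, objUser, strDN, intHits
    If Not objRE.Test(strKey) Then
        DisableById = "skipped, not a 7-digit ID"
        Exit Function
    End If
    ' strKey is digits only here, so it cannot alter the LDAP filter.
    Set objRS = objConn.Execute(SEARCH_BASE & ";(&(objectCategory=person)" _
        & "(objectClass=user)(description=" & strKey & "));distinguishedName;subtree")
    intHits = 0
    Do Until objRS.EOF
        strDN = objRS.Fields("distinguishedName").Value
        intHits = intHits + 1
        objRS.MoveNext
    Loop
    If intHits <> 1 Then
        DisableById = intHits & " matching accounts, nothing changed"
        Exit Function
    End If
    ' A "/" in a DN must be escaped before the DN is used in an ADsPath.
    Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
    If objUser.AccountDisabled Then
        DisableById = "already disabled: " & strDN
    ElseIf DRY_RUN Then
        DisableById = "would disable: " & strDN
    Else
        objUser.AccountDisabled = True
        objUser.SetInfo
        DisableById = "disabled: " & strDN
    End If
End Function
```

Run it with cscript //nologo and review the "would disable" lines before setting DRY_RUN to False.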



Post by cthoma » Sun, 20 Jun 2004 00:17:43

Figured it out. Below is my script. But thanks for your reply.


' This VB Script will take a list of graduated students and disable
' their account in Active Directory. It will match the student id
' and it will skip over students who are not in Active Directory.

' This program can be started with this command:
' cscript //nologo disable.vbs

' There is one setting you may have to change,
' the name/path of the text file

Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strDN, colstrDescription, strLine, objUser, inputfile, already
Dim id, objFSO, objFile, disabled, notin, Line, DisplayName, UserName, _
arrDHCPRecord, didit


' Name and path of the text file, change accordingly
inputfile = "c:\grads.txt"


' The text file should be in the format below:
' LASTNAME FIRSTNAME MI ,SSN,STUDENTID
' for example,
' SMITH SARAH ,999999999,001009999
' etc.....


' Reads the text file
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Set objFile = objFSO.OpenTextFile("c:\grads.txt", 1)
Set objFile = objFSO.OpenTextFile(inputfile, 1)
disabled = 0
notin = 0
Do until objFile.AtEndOfStream
Line = objFile.ReadLine
Id = Right(Line,7)
If inStr(Line, " ") Then
arrDHCPRecord = split(Line, " ")
DisplayName = arrDHCPRecord(0) + ", " + arrDHCPRecord(1)
UserName = arrDHCPRecord(0) + "\, " + arrDHCPRecord(1)


' Use ADO to search Active Directory for all users.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://CN=YOURGROUP,DC=YOURCOMPANY,DC=COM>"


' Return all users, with DN and description.
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName,description"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute

' Loop through the user records returned from Active Directory
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName")
colstrDescription = objRecordSet.Fields("description")


' Test if description attribute has a value.
If Not IsNull(colstrDescription) Then

' Enumerate each line of description.
For Each strLine In colstrDescription

' Test if description contains the student id.
If InStr(LCase(strLine), id) > 0 Then

' Disable the user account.
Set objUser = GetObject("LDAP://" & strDN)
If objUser.AccountDisabled = True Then
Wscript.Echo "Found in AD, is already disabled: " & DisplayName & " -- " & id
already = already + 1
Else
objUser.AccountDisabled = True
objUser.SetInfo
Wscript.Echo "Found in AD, disabled: " & DisplayName & " -- " & id
disabled = disabled + 1
End If
End If
Next
End If
objRecordSet.MoveNext
Loop
didit = didit + 1
End If
Loop
objFile.Close
notin = didit - disabled


' Print out the users that the program disabled
Wscript.Echo "Users disabled by this script: " & disabled

' Print out the users that were already disabled
Wscript.Echo "Users who