disable users in active directory


ekrengel
Jul 20th, 2006, 10:15 AM
I am playing around with a script to disable users in active directory after they have not logged in for a certain number of days. I have not tested it yet because I don't want to screw up my active directory, but can someone take a look at this and see how it looks so far?

Const ADS_UF_ACCOUNTDISABLE = 2
Const MAX_DAYS = 60

'grabs info from active directory
Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.CreateTextFile("c:\AccountsDisabled.txt", True)
Set objUser = GetObject _
("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
dtmValue = objUser.PasswordLastChanged

'if then statement to disable the account when the date is more than 60 days old
'note: PasswordLastChanged is the age of the password, not the time of the last logon
If DateDiff("d", dtmValue, Now) > MAX_DAYS Then
    'set the disable bit and keep every other userAccountControl flag as it is
    intUAC = objUser.Get("userAccountControl")
    objUser.Put "userAccountControl", intUAC Or ADS_UF_ACCOUNTDISABLE
    objUser.SetInfo
    tf.WriteLine "Users: " & objUser.Name & " " & dtmValue
End If
tf.Close


msgbox "Users who have not logged in for more than 60 days have been disabled"
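
The posted script reads the password age of a single user, while the stated goal is a sweep for accounts with no recent logon. The following is an added example, not part of the original post, that walks the OU named in the post, measures inactivity from lastLogonTimestamp, and only writes a report unless told otherwise. It assumes a domain at Windows Server 2003 functional level or later (where lastLogonTimestamp exists); MAX_DAYS, REPORT_ONLY, OU_PATH, LastActivity and the report path are names chosen for this example.

```vbscript
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = 2
Const MAX_DAYS = 60
Const REPORT_ONLY = True   ' assumption: set to False only after reviewing the report
Const OU_PATH = "OU=management,DC=Fabrikam,DC=com"   ' OU taken from the post
Dim conn, cmd, rs, fso, tf, objUser, dtLast, intUAC

Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.CreateTextFile("c:\StaleAccounts.txt", True)   ' constructed path
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 500   ' page the results so large OUs are not truncated
cmd.CommandText = "<LDAP://" & OU_PATH & ">;" & _
    "(&(objectCategory=person)(objectClass=user));distinguishedName;subtree"
Set rs = cmd.Execute

Do Until rs.EOF
    Set objUser = GetObject("LDAP://" & rs.Fields("distinguishedName").Value)
    intUAC = objUser.Get("userAccountControl")
    If (intUAC And ADS_UF_ACCOUNTDISABLE) = 0 Then   ' skip accounts already disabled
        dtLast = LastActivity(objUser)
        If DateDiff("d", dtLast, Now) > MAX_DAYS Then
            tf.WriteLine objUser.Get("distinguishedName") & vbTab & dtLast
            If Not REPORT_ONLY Then
                objUser.Put "userAccountControl", intUAC Or ADS_UF_ACCOUNTDISABLE
                objUser.SetInfo
            End If
        End If
    End If
    rs.MoveNext
Loop
tf.Close

' lastLogonTimestamp counts 100 ns ticks since 1601-01-01 UTC in two 32-bit halves.
' Accounts that never logged on fall back to whenCreated, so new users are not swept up.
Function LastActivity(objUser)
    Dim objLL, lngHigh
    LastActivity = objUser.Get("whenCreated")
    On Error Resume Next   ' Get raises an error when the attribute has no value
    Set objLL = objUser.Get("lastLogonTimestamp")
    If Err.Number = 0 Then
        lngHigh = objLL.HighPart
        If objLL.LowPart < 0 Then lngHigh = lngHigh + 1   ' LowPart is returned signed
        LastActivity = #1/1/1601# + (lngHigh * 2^32 + objLL.LowPart) / 600000000 / 1440
    End If
    On Error GoTo 0
End Function
```

lastLogonTimestamp replicates between domain controllers with a default lag of up to about 14 days, which is acceptable for a 60-day threshold but not for a short one. A distinguishedName that contains a forward slash has to be escaped before it is passed to GetObject.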