Disable Inactive users
- From: "Joseph" <josephgradd@xxxxxxxxxxx>
- Date: Tue, 28 Nov 2006 07:12:36 +0800
Howdy List,
I have modified this script to disable users who have been inactive for 30 days, but the
code I copied from TechNet doesn't seem to work. Any help would be appreciated.
Option Explicit
' Directory, ADO and shell objects.
Dim objRootDSE, objConnection, objCommand, objRecordSet
Dim objDC, objShell, objDate, objList
' Naming contexts and the pieces of the ADO query string.
Dim strConfig, strDNSDomain, strQuery
Dim strBase, strFilter, strAttributes
' Time-zone bias, loop counter and the array of Domain Controller names.
Dim lngBiasKey, lngBias, k, arrstrDCs()
' Per-user values read from each record.
Dim strDN, strUser, strDisplayName, strUserInfo
Dim dtmDate, lngDate, lngHigh, lngLow
' Declared by the original script; not referenced by any active statement.
Dim strkey, colkeys
'------------------------------------------------------------------
' Dictionary keyed by user name string; the value is the newest
' lastLogon found so far. vbTextCompare makes the keys
' case-insensitive.
'------------------------------------------------------------------
Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompare

'-------------------------------------------------------------------
' Read the local time zone bias from the registry. It is subtracted
' from each lastLogon value before the value is turned into a date.
'-------------------------------------------------------------------
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
Select Case UCase(TypeName(lngBiasKey))
    Case "LONG"
        ' Registry returned a plain number: use it directly.
        lngBias = lngBiasKey
    Case "VARIANT()"
        ' Registry returned an array: element k is weighted by 256^k.
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
End Select
'--------------------------------------------------------------------
' Read the configuration and default naming contexts from RootDSE.
' strDNSDomain holds the defaultNamingContext value.
'--------------------------------------------------------------------
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

'--------------------------------------------------------------------
' Open an ADO connection through the ADSI provider and search the
' configuration container for objects of class nTDSDSA; each one
' identifies a Domain Controller.
'--------------------------------------------------------------------
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

strBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
' Query format: <base>;filter;attributes;scope
strQuery = Join(Array(strBase, strFilter, strAttributes, "subtree"), ";")

With objCommand
    .CommandText = strQuery
    .Properties("Page Size") = 100
    .Properties("Timeout") = 60
    .Properties("Cache Results") = False
    Set objRecordSet = .Execute
End With
'----------------------------------------------------------------------
' Walk the nTDSDSA result set. The parent of each nTDSDSA object is
' bound and its DNSHostName is appended to the dynamic array arrstrDCs.
'----------------------------------------------------------------------
k = 0
Do While Not objRecordSet.EOF
    Set objDC = GetObject(GetObject(objRecordSet.Fields("AdsPath")).Parent)
    ' Grow the array by one slot, keeping the names already stored.
    ReDim Preserve arrstrDCs(k)
    arrstrDCs(k) = objDC.DNSHostName
    k = k + 1
    objRecordSet.MoveNext
Loop
'----------------------------------------------------------------------
' Retrieve lastLogon attribute for each user on each Domain Controller.
' lastLogon is not replicated between Domain Controllers, so each one
' is queried in turn and the newest value per distinguishedName is kept
' in objList.
' NOTE(review): a Domain Controller that cannot be queried is only
' reported and then skipped, so objList may hold a date older than the
' user's real last logon. Treat a run that printed "Domain Controller
' not available" as incomplete before acting on the result.
'----------------------------------------------------------------------
For k = 0 To Ubound(arrstrDCs)
' Bind the search to one specific Domain Controller by host name.
strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
strFilter = "(& (objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName,lastLogon,displayName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes _
& ";subtree"
objCommand.CommandText = strQuery
' Trap a failed query so one unreachable Domain Controller does not
' stop the whole script.
On Error Resume Next
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
Else
On Error GoTo 0
Do Until objRecordSet.EOF
'strDisplayName = objRecordSet.Fields("displayName")
strDN = objRecordSet.Fields("distinguishedName")
lngDate = objRecordSet.Fields("lastLogon")
'strUserInfo = strDN & ", " & strDisplayName
' The dictionary key is the distinguished name alone.
strUserInfo = strDN
' Set fails when lastLogon did not come back as an object (presumably
' a null value for a user with no logon on this Domain Controller);
' 1/1/1601 is then used as the "no logon recorded" date.
On Error Resume Next
Set objDate = lngDate
If Err.Number <> 0 Then
On Error GoTo 0
dtmDate = #1/1/1601#
Else
On Error GoTo 0
lngHigh = objDate.HighPart
lngLow = objDate.LowPart
' A negative LowPart means the low 32 bits were read as a signed
' number; adding 1 to HighPart compensates in the sum below.
If lngLow < 0 Then
lngHigh = lngHigh + 1
End If
' A value of zero is also treated as "no logon recorded".
If (lngHigh = 0) And (lngLow = 0 ) Then
dtmDate = #1/1/1601#
Else
' Combine the two halves into one 64-bit count of 100-nanosecond
' intervals since 1/1/1601, divide by 600000000 to get minutes,
' subtract the time zone bias, then divide by 1440 to get days.
dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow)/600000000 - lngBias)/1440
End If
End If
' Keep only the most recent date seen for this user across all
' Domain Controllers queried so far.
If objList.Exists(strUserInfo) Then
If dtmDate > objList(strUserInfo) Then
objList(strUserInfo) = dtmDate
End If
Else
objList.Add strUserInfo, dtmDate
End If
objRecordSet.MoveNext
Loop
End If
Next
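'-----------------------------------------------------------
' Report every user whose newest lastLogon is INACTIVE_DAYS or
' more days old and, when DISABLE_ACCOUNTS is True, disable the
' account by setting the ADS_UF_ACCOUNTDISABLE bit.
'
' DISABLE_ACCOUNTS = False : report only (the script's previous
'                            behaviour).
' DISABLE_ACCOUNTS = True  : report and disable.
'
' Why the original attempt failed: "LDAP://strUser" is a literal
' string, so the bind never used the variable. The path has to be
' built as "LDAP://" & strUser, and objUser / intUAC must be
' declared because the script runs under Option Explicit.
'
' Review the report-only output before switching to True. The
' query covers every user object, so service accounts and built-in
' accounts that rarely log on will appear in the list as well.
' Accounts whose date is the 1/1/1601 "no logon recorded" value
' are reported but not disabled automatically, because the data
' gathered here cannot tell an unused account from a new one.
'-----------------------------------------------------------
Const ADS_UF_ACCOUNTDISABLE = 2
Const DISABLE_ACCOUNTS = False
Const INACTIVE_DAYS = 30
Dim objUser, intUAC

For Each strUser In objList
    If Date - objList(strUser) >= INACTIVE_DAYS Then
        Wscript.Echo strUser
        If DISABLE_ACCOUNTS Then
            If objList(strUser) = #1/1/1601# Then
                Wscript.Echo "  Skipped (no lastLogon recorded): " & strUser
            Else
                ' Trap bind and write failures (for example insufficient
                ' rights) so one account does not abort the whole run.
                On Error Resume Next
                ' A "/" inside a distinguished name must be escaped in an
                ' ADsPath, otherwise the bind fails.
                Set objUser = GetObject("LDAP://" & Replace(strUser, "/", "\/"))
                If Err.Number = 0 Then
                    intUAC = objUser.Get("userAccountControl")
                End If
                If Err.Number = 0 Then
                    ' Write only when the account is not already disabled.
                    If (intUAC And ADS_UF_ACCOUNTDISABLE) = 0 Then
                        objUser.Put "userAccountControl", _
                            intUAC Or ADS_UF_ACCOUNTDISABLE
                        objUser.SetInfo
                    End If
                End If
                If Err.Number <> 0 Then
                    Wscript.Echo "  Could not disable: " & strUser _
                        & " (" & Err.Description & ")"
                    Err.Clear
                End If
                On Error GoTo 0
                Set objUser = Nothing
            End If
        End If
    End If
Next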
'-----------------------------------------
' Close the ADO connection, then release
' every object reference the script holds.
'-----------------------------------------
objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRootDSE = Nothing
Set objDC = Nothing
Set objDate = Nothing
Set objShell = Nothing
Set objList = Nothing
'--------------------8<----------------------