• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 389
  • Last Modified:

Mass ID disablement in Active Directory

anybody knows how to write a script to disable and delete multiple IDs (abt 2000) in windows 2000 Active Directory?

- one line of statement (which means NOT 2000 command line which refer to individual ID).
- the script should refer to a text file or excel file for the ID listing

appreciate yr help. I need this urgently.

thanks in advance
  • 3
1 Solution
You probably already know this but just in case; deleting things using scripts can get you into trouble.

You are wanting to remove(delete) user accounts from AD or disable them or both? Will there be computer accounts as well or just users? Please provide a little more detail as to what you want you script to accomplish.

yatieAuthor Commented:
Hi Krompton,

Thanks for the response. What I wanna do is:
i) to disable user accounts from AD (no computer accounts, only user accounts)
ii) after two weeks, run another script to disable those disabled user accounts
iii) have a script which single or few lines BUT NOT individual user account as 1 line of command

Thanks very much. Hope you could help me achieve this.

Disabling accounts via script is reasonably easy and the script would only need to be a few lines long. The “difficult” part is if you want to use a script to get the usernames. You’ll need some criterion that will filter the accounts.

Is there something the same in all the accounts to be disabled and NOT in those to be left alone?

If your answer to this question is “no” then try this:
I know this works for 2003 but have not tried it on 2000


Run the following command on your Domain Controller
dsquery user > "C:\DomainUserList.txt" (EDIT the text file created and delete users you don’t want disabled)
(dsquery.exe should be located in c:\windows\system32 folder)

Save text between **** as .vbs (i.e. C:\DisableUsers.vbs)

 UsageMsg = "Usage: " & VBCrLf & "          WScript.exe C:\DisableUsers.vbs UserListToDisable DNSNameOfDomainController" & VBCrLf & _
"Example:" & VBCrLf & "          WScript.exe C:\DisableUsers.vbs C:\DomainUserList.txt DC1.Domain.Local"

Const ADS_UF_ACCOUNTDISABLE = 2, ForReading = 1, ForWriting = 2, ForAppending = 8
If WScript.Arguments.Count < 2 Then
      MsgBox UsageMsg,,"Syntax Error"
      UserListFile = WScript.Arguments(0)
      Controller = WScript.Arguments(1)
End If
Set oFS = WScript.CreateObject("Scripting.FileSystemObject")
Set oFSContents = oFS.OpenTextFile(UserListFile, ForReading)
UserList = oFSContents.ReadAll
Users = Split(UserList, vbNewLine)

For Each User in Users
      If User <> "" Then
            Set objUser = GetObject("LDAP://" & Controller & "/" & (Replace(User, Chr(34), "")))
            intUAC = objUser.Get("userAccountControl")
            objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
      End If



Then run the following command on your Domain Controller
WScript.exe C:\DisableUsers.vbs C:\DomainUsers.txt DNSNameOfDomainController

Good Luck,
Oh, BTW...

          Set objUser = GetObject("LDAP://" & Controller & "/" & (Replace(User, Chr(34), "")))
          intUAC = objUser.Get("userAccountControl")
          objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE

      Set WSHShell = CreateObject("Wscript.Shell")
      Cmd = "cmd /c dsrm -noprompt " & User
      MyVal = WSHShell.Run(Cmd,1,True)

When you want to delete the users.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now