smgorham
asked on
Trying to set userAccountControl for an entire OU
I got a script found here in another post to set the userAccountControl of all users in an OU to 512. This is the script I am using:
' UserAccountControl .vbs
' Sample VBScript to enable a user account
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.0 - May 2005
' -------------------------- ---------- ---------- ---------- ------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strLastUser, strDNSDomain, intAccValue
' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE" )
strDNSDomain = objRootDSE.Get("DefaultNam ingContext ")
' Here is where we set the value to enable the account
' 512 = Enable, 514 = Disable.
intAccValue = 512
' -------------------------- ---------- ---------- ---------- -----'
' Important change OU= to reflect your domain
' -------------------------- ---------- ---------- ---------- -----'
strContainer = "OU=Users "
strContainer = strContainer & strDNSDomain
set objOU =GetObject("LDAP://" & strContainer )
For each objUser in objOU
If objUser.class="user" then
' The heart of this script - Enable users
objUser.Put "userAccountControl", intAccValue
objUser.SetInfo
End if
next
' End of Free Sample UserAccountControl VBScript
The problem is when I run it I get a script error "The server is unwilling to process the request." Code 80072035. After doing some research it is pointing to domain policy that is restricting this from running. My question is, how do I determine which part of domain policy is stopping this from running so that I can disable it. I have 2000+ users that were imported that have the UF_PASSWD_NOTREQD flag set. I need to do a bulk modify to set all these users to 512.
Thanks
' UserAccountControl .vbs
' Sample VBScript to enable a user account
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.0 - May 2005
' --------------------------
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strLastUser, strDNSDomain, intAccValue
' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE"
strDNSDomain = objRootDSE.Get("DefaultNam
' Here is where we set the value to enable the account
' 512 = Enable, 514 = Disable.
intAccValue = 512
' --------------------------
' Important change OU= to reflect your domain
' --------------------------
strContainer = "OU=Users "
strContainer = strContainer & strDNSDomain
set objOU =GetObject("LDAP://" & strContainer )
For each objUser in objOU
If objUser.class="user" then
' The heart of this script - Enable users
objUser.Put "userAccountControl", intAccValue
objUser.SetInfo
End if
next
' End of Free Sample UserAccountControl VBScript
The problem is when I run it I get a script error "The server is unwilling to process the request." Code 80072035. After doing some research it is pointing to domain policy that is restricting this from running. My question is, how do I determine which part of domain policy is stopping this from running so that I can disable it. I have 2000+ users that were imported that have the UF_PASSWD_NOTREQD flag set. I need to do a bulk modify to set all these users to 512.
Thanks
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.