2LL

asked on

Script to enable or disable users within OU

Hi there, I am looking for a script that will enable or disable users within an OU. Please help me out, thank you in advance.
JuanCarniglia

Taken from:

http://techtasks.com/code/viewbookcode/1579
-----


' TRUE disables the account, FALSE enables it
strDisableAccount = FALSE
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com

set objUser = GetObject("LDAP://" & strUserDN)
if objUser.AccountDisabled = TRUE then
   WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"
   if strDisableAccount = FALSE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account enabled"
   end if
else
   WScript.Echo "Account currently enabled"
   if strDisableAccount = TRUE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account disabled"
   end if
end if


Greetings
2LL

ASKER

Thanks, JuanCarniglia. Actually, I am looking for the script that will enable or disable users within an OU, not an individual user.
Oh, you mean ALL users within the same OU.

You would have to do a search, and then, disable/enable each one, while looping through them.

Maybe this,

Option Explicit

Dim objDSE, strDefaultDN, strDN, objContainer, objChild, strDisableAccount

' TRUE disables the accounts, FALSE enables them
' (must be declared and set here because Option Explicit is on)
strDisableAccount = FALSE

Set objDSE = GetObject("LDAP://rootDSE")
strDefaultDN = "CN=Users," & objDSE.Get("defaultNamingContext")

strDN = InputBox("Enter the distinguished name of a container" & _
      vbCrLf & "(e.g. " & strDefaultDN & ")", , strDefaultDN)

If strDN = "" Then WScript.Quit(1)            'user clicked Cancel

Set objContainer = GetObject("LDAP://" & strDN)

' Enumerate only user objects that are direct children of the container
objContainer.Filter = Array("user")
For Each objChild In objContainer
   WScript.Echo objChild.Name & vbTab & objChild.Description

   if objChild.AccountDisabled = TRUE then
      WScript.Echo "Account for " & objChild.Get("cn") & " currently disabled"
      if strDisableAccount = FALSE then
         objChild.AccountDisabled = strDisableAccount
         objChild.SetInfo
         WScript.Echo "Account enabled"
      end if
   else
      WScript.Echo "Account currently enabled"
      if strDisableAccount = TRUE then
         objChild.AccountDisabled = strDisableAccount
         objChild.SetInfo
         WScript.Echo "Account disabled"
      end if
   end if
Next
2LL

ASKER

No, this is not the one that I am looking for. My task requires disabling/enabling within an OU as fast as possible, so I should not search for individual users at all. That's why I need help from experts.
Anyway, thank you very much for your help.
ASKER CERTIFIED SOLUTION
rejoinder
Oops - you also wanted to be able to enable within an OU as well - this is a revised script.
Edit line 2; True will disable accounts, False will enable all accounts
(within the OU mentioned in Line 1)
strOU = "OU=Disabled,OU=My Users,DC=domain,DC=com"
boolDisableAccount = True
 
' Query Active Directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Return the DN of every user object in the OU and its sub-OUs
strBase = "<LDAP://" & strOU & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute
' MoveFirst raises an error on an empty result set, so guard it
If Not objRecordSet.EOF Then objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strUserDN = objRecordSet.Fields("distinguishedName")
    set objUser = GetObject("LDAP://" & strUserDN)
    if boolDisableAccount then
        objUser.AccountDisabled = True
    else
        objUser.AccountDisabled = False
    end if
    objUser.SetInfo
    objRecordSet.MoveNext
Loop

2LL

ASKER

Rejoinder, thank you very much for your help. It worked. Can you explain to me this line in the enable user account script?
       if boolDisableAccount then
             objUser.AccountDisabled = True
Because when I ran your original script it did not enable any user account at all; I had to remove the line above, and it worked from there.
To enable accounts, set the value on line 2 to this...
boolDisableAccount = False

Then, when the script reaches the logic that enables/disables an account, it will ask for the value of boolDisableAccount. If the setting is true, the account gets disabled; if false, the account gets enabled.
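
The scripts in this thread set every account in the OU to one state, so a later run with False also enables accounts that were already disabled before the first run. The following is an added example, not code from any poster in this thread: a PowerShell version of the same bulk change that saves each account's prior state to a CSV and supports a dry run. It assumes the ActiveDirectory module (RSAT) is installed; the function name Set-OUAccountState and the log file name are hypothetical, and the OU is the sample DN from the script above.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread). Set-OUAccountState and the CSV path
# are hypothetical names; the OU DN is the sample value used in the thread.

function Set-OUAccountState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,  # DN of the OU to process
        [Parameter(Mandatory)] [bool]   $Disable,     # $true disables, $false enables
        [string] $LogPath = ".\ou-account-state-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
    )

    # Same scope as the ADO query in the thread: user objects in the OU subtree.
    # @() guarantees an array even when the OU holds no users.
    $users = @(Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree)

    # Save every account's state before changing anything, so a later
    # re-enable can be limited to accounts that this run disabled.
    # -WhatIf:$false keeps the snapshot even during a dry run.
    $users |
        Select-Object DistinguishedName, SamAccountName, Enabled |
        Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false

    $target = -not $Disable                      # desired value of Enabled
    foreach ($u in $users) {
        if ($u.Enabled -eq $target) { continue } # already in the wanted state

        $action = if ($Disable) { 'Disable account' } else { 'Enable account' }
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, $action)) {
            Set-ADUser -Identity $u -Enabled $target
        }
    }
}

# Dry run: reports what would change and makes no change in Active Directory.
Set-OUAccountState -SearchBase 'OU=Disabled,OU=My Users,DC=domain,DC=com' -Disable $true -WhatIf
```

Remove -WhatIf to apply the change, and keep the CSV with the change record so the previous state of each account can be restored.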