Script to enable or disable users within OU

Hi there, I am looking for a script that will enable or disable users within an OU. Please help me out, thank you in advance.
2LL Asked:

JuanCarniglia Commented:
Taken from:

http://techtasks.com/code/viewbookcode/1579
-----


strDisableAccount = FALSE  
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com

set objUser = GetObject("LDAP://" & strUserDN)
if objUser.AccountDisabled = TRUE then
   WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"
   if strDisableAccount = FALSE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account enabled"
   end if
else
   WScript.Echo "Account currently enabled"
   if strDisableAccount = TRUE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account disabled"
   end if
end if


Greetings
2LL (Author) Commented:
Thanks, JuanCarniglia. Actually, I am looking for the script that will enable or disable users within an OU, not an individual user.
JuanCarniglia Commented:
Oh, you mean ALL users within the same OU.

You would have to do a search, and then, disable/enable each one, while looping through them.

Maybe this,

Option Explicit

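Dim objDSE, strDefaultDN, strDN, objContainer, objChild, strDisableAccount

' Option Explicit requires this to be declared and set before the loop uses it
strDisableAccount = FALSE   ' TRUE disables the accounts, FALSE enables them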

Set objDSE = GetObject("LDAP://rootDSE")
strDefaultDN = "CN=Users," & objDSE.Get("defaultNamingContext")

strDN =       InputBox("Enter the distinguished name of a container" & _
      vbCrLf & "(e.g. " & strDefaultDN & ")", , strDefaultDN)

If strDN = "" Then WScript.Quit(1)            'user clicked Cancel

Set objContainer = GetObject("LDAP://" & strDN)

objContainer.Filter = Array("user")
For Each objChild In objContainer
      WScript.Echo objChild.Name & vbTab & objChild.Description

if objChild.AccountDisabled = TRUE then
   WScript.Echo "Account for " & objChild.Get("cn") & " currently disabled"
   if strDisableAccount = FALSE then
      objChild.AccountDisabled = strDisableAccount
      objChild.SetInfo
      WScript.Echo "Account enabled"
   end if
else
   WScript.Echo "Account currently enabled"
   if strDisableAccount = TRUE then
      objChild.AccountDisabled = strDisableAccount
      objChild.SetInfo
      WScript.Echo "Account disabled"
   end if
end if
Next

2LL (Author) Commented:
No, this is not the one that I am looking for. While my task requires me to disable/enable within the OU as fast as possible, I should not search for individual users at all. That's why I need help from experts.
Anyway, thank you very much for your help.
rejoinder Commented:
Here is a script that will disable all users within a particular OU.
Line 1 needs to be edited to point to the OU the users are in.  If you are not familiar with how to enter the OU path, please let me know, but the idea is this...
Start with the OU itself (ou=xyz) and use commas as you traverse up the tree, so that if the path looks like this, \My Users\Disabled Users\Here, you would have to start with ou=Here,ou=Disabled Users,ou=My Users.
Next is your FQDN, such that it might look like this, sub.domain.com, but for the script it would need to be dc=sub,dc=domain,dc=com.
Combined, the string will appear as ou=Here,ou=Disabled Users,ou=My Users,dc=sub,dc=domain,dc=com
strOU = "OU=Disabled,OU=My Users,DC=domain,DC=com"
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strOU & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute
If Not objRecordSet.EOF Then objRecordSet.MoveFirst ' an empty result set would make MoveFirst fail
Do Until objRecordSet.EOF
    strUserDN = objRecordSet.Fields("distinguishedName")
    set objUser = GetObject("LDAP://" & strUserDN)
    objUser.AccountDisabled = True
    objUser.SetInfo
    objRecordSet.MoveNext
Loop

rejoinder Commented:
Oops - you also wanted to be able to enable within an OU as well - this is a revised script.
Edit line 2; True will disable accounts, False will enable all accounts
(within the OU mentioned in Line 1)
strOU = "OU=Disabled,OU=My Users,DC=domain,DC=com"
boolDisableAccount = True
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strOU & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute
If Not objRecordSet.EOF Then objRecordSet.MoveFirst ' an empty result set would make MoveFirst fail
Do Until objRecordSet.EOF
    strUserDN = objRecordSet.Fields("distinguishedName")
    set objUser = GetObject("LDAP://" & strUserDN)
    if boolDisableAccount then
        objUser.AccountDisabled = True
    else
        objUser.AccountDisabled = False
    end if
    objUser.SetInfo
    objRecordSet.MoveNext
Loop


2LL (Author) Commented:
Rejoinder, thank you very much for your help. It worked. Can you explain to me the line in the enable user account script?
       if boolDisableAccount then
             objUser.AccountDisabled = True
Because when I ran your original script it did not enable any user account at all; I had to remove the line above, and it worked from there.
rejoinder Commented:
To enable accounts, set the value on line 2 to this...
boolDisableAccount = False

Then when the script does the logic at the point to enable/disable an account it will ask for the value of boolDisableAccount.  If the setting is true, the account gets disabled; if false, then the account will get enabled.
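
An added PowerShell example, not part of the thread or any poster's script: the same OU-wide disable/enable done with the ActiveDirectory module cmdlets, recording which accounts a run disabled so that a later enable restores only those and leaves accounts that were already disabled untouched. The function name Set-OUAccountState, its parameters and the CSV path are hypothetical; the OU is the sample value used in the thread.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
# The OU below is the thread's sample value and the CSV path is a placeholder.
Import-Module ActiveDirectory

function Set-OUAccountState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,   # distinguished name of the OU
        [Parameter(Mandatory)] [ValidateSet('Disable', 'Enable')] [string] $Action,
        [Parameter(Mandatory)] [string] $StatePath     # CSV of accounts this function disabled
    )

    if ($Action -eq 'Disable') {
        # Only touch accounts that are currently enabled, so the CSV lists
        # exactly the accounts whose state this run changed.
        $targets = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter 'Enabled -eq $true'
        $changed = foreach ($user in $targets) {
            if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable account')) {
                Disable-ADAccount -Identity $user.DistinguishedName
                [pscustomobject]@{
                    DistinguishedName = $user.DistinguishedName
                    SamAccountName    = $user.SamAccountName
                    DisabledAt        = (Get-Date).ToString('o')
                }
            }
        }
        if ($changed) { $changed | Export-Csv -Path $StatePath -NoTypeInformation }
    }
    else {
        # Re-enable only what the Disable run recorded; accounts that were
        # already disabled before that run stay disabled.
        foreach ($row in Import-Csv -Path $StatePath) {
            if ($PSCmdlet.ShouldProcess($row.DistinguishedName, 'Enable account')) {
                Enable-ADAccount -Identity $row.DistinguishedName
            }
        }
    }
}

# Dry run first: -WhatIf lists the affected accounts without changing them.
Set-OUAccountState -SearchBase 'OU=Disabled,OU=My Users,DC=domain,DC=com' `
    -Action Disable -StatePath '.\disabled-users.csv' -WhatIf
```

Drop `-WhatIf` to apply the change, and keep the CSV as the audit record of which accounts were disabled and when.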