?
Solved

Script to enable or disable users within OU

Posted on 2008-11-17
8
Medium Priority
?
451 Views
Last Modified: 2012-05-05
Hi there, I am looking for the script that will enable or disable users within OU. Please help me out, thank you in advance.
0
Comment
Question by:2LL
  • 3
  • 3
  • 2
8 Comments
 
LVL 7

Expert Comment

by:JuanCarniglia
ID: 22977240
Taken from:

http://techtasks.com/code/viewbookcode/1579
-----


strDisableAccount = FALSE  
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com

set objUser = GetObject("LDAP://" & strUserDN)
if objUser.AccountDisabled = TRUE then
   WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"
   if strDisableAccount = FALSE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account enabled"
   end if
else
   WScript.Echo "Account currently enabled"
   if strDisableAccount = TRUE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account disabled"
   end if
end if


Greetings
0
 

Author Comment

by:2LL
ID: 22977653
Thank JuanCarniqlia. Actually, I am looking for the the script that will enable or disable users within OU, not individual user.
0
 
LVL 7

Expert Comment

by:JuanCarniglia
ID: 22977721
Oh, you mean ALL users within the same OU.

You would have to do a search, and then, disable/enable each one, while looping through them.

Maybe this,

Option Explicit

Dim objDSE, strDefaultDN, strDN, objContainer, objChild

Set objDSE = GetObject("LDAP://rootDSE")
strDefaultDN = "CN=Users," & objDSE.Get("defaultNamingContext")

strDN =       InputBox("Enter the distinguished name of a container" & _
      vbCrLf & "(e.g. " & strDefaultDN & ")", , strDefaultDN)

If strDN = "" Then WScript.Quit(1)            'user clicked Cancel

Set objContainer = GetObject("LDAP://" & strDN)

objContainer.Filter = Array("user")
For Each objChild In objContainer
      WScript.Echo objChild.Name & vbTab & objChild.Description

if objChild.AccountDisabled = TRUE then
   WScript.Echo "Account for " & objChild.Get("cn") & " currently disabled"
   if strDisableAccount = FALSE then
      objChild.AccountDisabled = strDisableAccount
      objChild.SetInfo
      WScript.Echo "Account enabled"
   end if
else
   WScript.Echo "Account currently enabled"
   if strDisableAccount = TRUE then
      objChild.AccountDisabled = strDisableAccount
      objChild.SetInfo
      WScript.Echo "Account disabled"
   end if
end if
Next
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:2LL
ID: 22977753
No, this is not the one that I am looking for. While my task required to disable/enable within OU as fast as possible, I should not search individual user at all. That's why I need help from experts.
Anyway, thank you very much for your help.
0
 
LVL 14

Accepted Solution

by:
rejoinder earned 2000 total points
ID: 22982206
Here is a script that will disable all users within a particular OU.
Line 1 needs to be edited to point to the OU the users are in.  If you are not familiar with how to enter the OU path, please let me know but the idea is this...
start with the OU itself (ou=xyz) use commas as you travers up the tree so that if the path looks like this \My Users\Disabled Users\Here you would have to start with ou=Here,ou=Disabled Users,ou=My Users.
Next is your FQDN such that it might look like this sub.domain.com but for the script would need to be dc=sub,dc=domain,dc=com.
Combined the string will appear as ou=Here,ou=Disabled Users,ou=My Users,dc=sub,dc=domain,dc=com
strOU = "OU=Disabled,OU=My Users,DC=domain,DC=com"
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strOU & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strUserDN = objRecordSet.Fields("distinguishedName")
    set objUser = GetObject("LDAP://" & strUserDN)
    objUser.AccountDisabled = True
    objUser.SetInfo
    objRecordSet.MoveNext
Loop

Open in new window

0
 
LVL 14

Expert Comment

by:rejoinder
ID: 22982217
Opps - you also wanted to be able to enable within an OU as well - this is a revised script.
Edit line 2; True will disable accounts, False will enable all accounts
(within the OU mentioned in Line 1)
strOU = "OU=Disabled,OU=My Users,DC=domain,DC=com"
boolDisableAccount = True
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strOU & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strUserDN = objRecordSet.Fields("distinguishedName")
    set objUser = GetObject("LDAP://" & strUserDN)
    if boolDisableAccount then
        objUser.AccountDisabled = True
    else
        objUser.AccountDisabled = False
    end if
    objUser.SetInfo
    objRecordSet.MoveNext
Loop

Open in new window

0
 

Author Comment

by:2LL
ID: 22985227
Rejoinder, thank you very much for your help. It's worked. Can you explain to me the line on the enable user account script.
       if boolDisableAccount then
             objUser.AccountDisabled = True
Because when I ran your original script it does not enable any user account at all, I have to removed the line above, and it worked from there.
0
 
LVL 14

Expert Comment

by:rejoinder
ID: 22986460
To enable accounts, set the value on line 2 to this...
boolDisableAccount = False

Then when the script does the logic at the point to enable/disable an account it will ask for the value of boolDisableAccount.  If the setting is true, the account get disabled, if false, then the account will get enabled.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
This is pretty cool.  The purpose of this VB Script is to help you document where JAR (Java ARchive) files and specifically java class files are located so that you can address issues seen with a client or that you can speak intelligently with a dev…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question