Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Remove Disabled Users from an AD security group

Posted on 2011-03-16
4
Medium Priority
?
1,236 Views
Last Modified: 2012-05-11
Hello...

Is there a way to remove ONLY disabled users from an AD security group via VB script?

TY,
Quan
0
Comment
Question by:qvn7
  • 2
3 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 35153895
Hi, this script will remove disabled accounts from the specified Active Directory group.

Regards,

Rob.
Const ADS_UF_ACCOUNTDISABLE = 2
Set objGroup = GetObject("LDAP://CN=TestUsers,OU=TestOU,DC=Domain,DC=Com")
For Each objUser In objGroup.Members
	If objUser.Class = "user" Then
		intUAC = objUser.userAccountControl
		If intUAC And ADS_UF_ACCOUNTDISABLE Then
			WScript.Echo Mid(objUser.Name, 4) & " is disabled"
			objGroup.Remove objUser.AdsPath
			WScript.Echo Mid(objUser.Name, 4) & " was removed from " & Mid(objGroup.Name, 4)
		Else
			WScript.Echo Mid(objUser.Name, 4) & " is not disabled"
		End If
	End If
Next
MsgBox "Done"

Open in new window

0
 

Author Comment

by:qvn7
ID: 35156818
Thanks to those who provided great suggestions/solutions.  Appreciate it very much!!!
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 35162338
Did it work well enough for you to close the question?  I noticed you posted another question, I'll check it out.

Regards,

Rob.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question