VB Script to Disable AD User Accout

Posted on 2011-10-06
Medium Priority
Last Modified: 2014-08-01
I need a VB Scrip that will allow a non admin user to quick disable a AD User account.  The Script needs to prompt the user for the persons first and last name to disable.  It will need to be able to crawel through all Sub OU's to find the user automatically.
What I have so far works like I want it, expect I have to sepecifiy the OU the user is located in which I don't want it needs to find the user by searching through all OU's


' Prompt for user Common Name.
cn = InputBox("Enter the First & Last Name of the Employee you want to Disable Example: Firstname Lastname")

On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=" & CN & ",ou=Facilities,ou=Production,dc=mirrorinc,dc=org")
If (Err.Number = 0) Then
    On Error GoTo 0
    intUAC = objUser.Get("userAccountControl")

    objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
    On Error GoTo 0
    Wscript.Echo " User " & CN & " not found"
End If
Question by:Mirrorinc
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36924870
Might be helpful for you. There is ready script for that with explanation


Author Comment

ID: 36925007
that is all really good but way more code then I think I need.  I just need to know how to apply a Domain Wide Search for users to my Code Above.  I see from the link they are doing what I need but I need to know how to apply to my existing code.  I Haven't had to write to many scripts that access AD directly.

Accepted Solution

jawa29 earned 1000 total points
ID: 36929994

This code should do what you want, it will search AD based on the Firstname and Surname supplied then using the distinguishedName will disable the account.


On Error Resume Next

Set oRoot = GetObject("LDAP://RootDSE")
vDomain = oRoot.Get("DefaultNamingContext")

' Prompt for user Common Name.
sCN = InputBox("Enter the First & Last Name of the Employee you want to Disable Example: Firstname Lastname")

If sCN <> "" Then
	sFirstName = Split(sCN, " ")(0)
	sLastName = Split(sCN, " ")(1)
End If

Set oConnection = CreateObject("ADODB.Connection")
Set oCommand =   CreateObject("ADODB.Command")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "Active Directory Provider"
Set oCommand.ActiveConnection = oConnection
oCommand.Properties("Page Size") = 1

oCommand.CommandText = "<LDAP://" & vDomain & ">;(&((objectCategory=Person)(givenName=" & sFirstName & ")(sn=" & sLastName & ")));distinguishedName;Subtree"
Set oRS = oCommand.Execute

If Not oRS.EOF Then
	sDN = oRS("distinguishedName")
	Set objUser = GetObject("LDAP://cn=" & sCN & ",ou=Facilities,ou=Production,dc=mirrorinc,dc=org")
	On Error GoTo 0
	intUAC = objUser.Get("userAccountControl")
    objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
	Wscript.Echo " User " & sCN & " not found"
End If

Open in new window


Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question