Visual Basic Script - Listing Disabled Users from Active Directory
Author: jason
Date: 2005-03-30
Category: Technical

In this lesson we are going to look at querying Active Directory for disabled users with VBScript. If you are running Windows 2003 and have the adminpak.msi loaded for W2K3 you can make a "Saved Query" in Active Directory Users and Computers to routinely display disabled users. Or, you could write a VBScript.

We will demonstrate the following:
1. Get input from the user
2. Create and write to a file
3. Query Active Directory for the user class and account status

Here is the code (show.disable.vbs):
Code

Option Explicit
On Error Resume Next
Dim FileSys, WrLines, DomainName, oDomain, oDomainItem

' Ask the user which domain to query
DomainName = InputBox("Please Enter Your Fully Qualified NT Domain Name", "Input", "your.domain.com")

' Create the output file in the folder the script is run from
Set FileSys = CreateObject("Scripting.FileSystemObject")
Set WrLines = FileSys.CreateTextFile("disabled-users.csv", True)

' Header line of the csv file
WrLines.WriteLine("Logon Name,Disabled?,Full Name")

' Bind to the domain and step through every object in it
Set oDomain = GetObject("WinNT://" & DomainName)
For Each oDomainItem in oDomain
    ' Only user objects whose account is disabled are written out
    If oDomainItem.Class = "User" AND oDomainItem.AccountDisabled = True Then
        WrLines.WriteLine(oDomainItem.Name & "," & oDomainItem.AccountDisabled & "," & oDomainItem.FullName)
    End If
Next

WrLines.Close
WScript.Echo "Done"


Let's step through it.

Option Explicit forces every variable to be declared with Dim before it is used. On Error Resume Next tells the script to continue when it hits an error; keep in mind that this also hides real failures, so a mistyped domain name still ends with "Done" and leaves a csv file that contains only the header line. Then we declare the variables which will hold our data. "FileSys" will hold our file system object. "WrLines" will hold the file we create and write the lines to. "DomainName" will hold our fully qualified domain name. "oDomain" will be the object which gets and holds the Active Directory domain. "oDomainItem" will be each object in the domain, from users to computers and even printers.
Code

Option Explicit
On Error Resume Next
Dim FileSys, WrLines, DomainName, oDomain, oDomainItem


Ask the user for their domain. If we run this script a lot, we can change the "your.domain.com" default to the actual domain. It will be pre-filled in the text box for us, saving us some typing.
Code

DomainName = InputBox("Please Enter Your Fully Qualified NT Domain Name", "Input", "your.domain.com")


Set up the file system object and create the file we want to write to. The file will be created in the same folder the script is run from.
Code

Set FileSys = CreateObject("Scripting.FileSystemObject")
Set WrLines = FileSys.CreateTextFile("disabled-users.csv", True)


Write a header line to the csv file.
Code

WrLines.WriteLine("Logon Name,Disabled?,Full Name")


Let's open up the domain and step through each object/item in it.
Code

Set oDomain = GetObject("WinNT://" & DomainName)
For Each oDomainItem in oDomain


If the object/item is classed as "User" and its account is disabled, then go ahead and write a line in the csv file. The User class (and the Computer class too) has many other properties associated with it.
Code

If oDomainItem.Class = "User" AND oDomainItem.AccountDisabled = True Then
    WrLines.WriteLine(oDomainItem.Name & "," & oDomainItem.AccountDisabled & "," & oDomainItem.FullName)
End If


The Next command is associated with For Each. After checking one object/item, the script jumps to the next one and checks it out too.
Code

Next


When we are done with every object/item, close up the csv and echo "Done" to the user.
Code

WrLines.Close
WScript.Echo "Done"
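
A stricter variant of the same report, added here as an example (it is not the original author's code): it stops with a message when the domain cannot be bound instead of running on under On Error Resume Next, enumerates only user objects through the container's Filter property, and quotes every csv field. CsvField is a helper name made up for this example, and the apostrophe prefix on values starting with =, +, - or @ assumes the file will be opened in a spreadsheet.

```vbscript
Option Explicit
Dim FileSys, WrLines, DomainName, oDomain, oUser, Count

' CsvField is a hypothetical helper for this example: it quotes a value for
' csv and neutralises leading =, +, -, @ so a spreadsheet shows it as text.
Function CsvField(value)
    Dim s
    s = CStr(value & "")
    If Len(s) > 0 Then
        If InStr("=+-@", Left(s, 1)) > 0 Then s = "'" & s
    End If
    CsvField = """" & Replace(s, """", """""") & """"
End Function

DomainName = Trim(InputBox("Please Enter Your Fully Qualified NT Domain Name", "Input", "your.domain.com"))
If DomainName = "" Then
    WScript.Echo "No domain entered, nothing written."
    WScript.Quit 1
End If

' Trap errors only around the bind, so a bad domain name is reported
On Error Resume Next
Set oDomain = GetObject("WinNT://" & DomainName)
If Err.Number <> 0 Then
    WScript.Echo "Could not bind to " & DomainName & ": " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Enumerate user objects only; groups, computers and printers are skipped
oDomain.Filter = Array("User")

Set FileSys = CreateObject("Scripting.FileSystemObject")
Set WrLines = FileSys.CreateTextFile("disabled-users.csv", True)
WrLines.WriteLine "Logon Name,Disabled?,Full Name"

Count = 0
For Each oUser In oDomain
    If oUser.AccountDisabled Then
        WrLines.WriteLine CsvField(oUser.Name) & "," & CsvField(oUser.AccountDisabled) & "," & CsvField(oUser.FullName)
        Count = Count + 1
    End If
Next

WrLines.Close
WScript.Echo "Done: " & Count & " disabled account(s) written."
```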


Pretty cool, eh? What other things can we check for? Go out and get the Active Directory Cookbook and see!

Reference:
http://www.serverwatch.com/tutorials/article.php/1548191
http://www.amazon.com/Active-Directory-3rd-Joe-Richards/dp/0596101732/ref=pd_bbs_2/102-1959864-8785741?ie=UTF8&s=books&qid=1177853042&sr=8-2


