Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Export list of disable AD accounts 3

Status
Not open for further replies.
billybarty

billybarty

Technical User
May 3, 2002
251
0
0
CA
How can I get a list of disabled accounts from AD Domain Users group?
 
Sort by date Sort by votes
I would say that there are a few fella's in here that could write a better script, but this should at least point you in the right direction. It queries your entire domain for user objects and if they are disabled it prints it to a text file located at c:\temp:
Code: 
Dim fso, f
Dim conn
Dim rs
Dim provider
Dim strSql


Set conn = CreateObject("ADODB.Connection")
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.CreateTextFile("C:\Temp\Enabled.txt")

provider = "ADsDSOObject"

With conn
	.Provider = provider
	.Open "Active Directory Provider"
End With

strSql = "SELECT sn, givenname, adspath, useraccountcontrol FROM 'LDAP://DC=[b]YOUR DOMAIN[/b],DC=com' WHERE objectclass = 'user' AND useraccountcontrol = 514 ORDER BY sn"

set rs = conn.execute(strSql)

Do until rs.EOF

	f.WriteLine rs("sn") & ", " & rs("givenname") & " - " & rs("useraccountcontrol") & "   -   " & rs("adspath")

	rs.MoveNext

Loop

f.Close


msgbox "Done"


Set conn = Nothing
Set rs = Nothing
Set fso = Nothing
Hopefully it works for you.
 
Upvote 0 Downvote
you can get that information from dsquery

dsquery user -disabled
 
Upvote 0 Downvote
Thanks for your help, the dsquery options are a big help.
 
Upvote 0 Downvote
now that's what I'm talking about...my code is what, 30+ lines and swabs comes back with a 3 word solution...beautifule
 
Upvote 0 Downvote
If you want to do it in a GUI do a Find in ADUC and change to Common Queries. Then tick the disabled accounts box.

Neill
 
Upvote 0 Downvote
Using these methods gives me the disabled account in the domain. I need to get the disabled from the domain users group only. The dsquery I think only works on OU's.
 
Upvote 0 Downvote
do you really have many accounts that are not part of the "domain users" ou?
 
Upvote 0 Downvote
Yes, we have some accounts that were created for access to a web portal we host and they are removed from the domain users group upon creation. I modified the script above to search the Domain Users group for our domain and it runs successfully but generates an empty text file called Enabled.txt. If I missed some quotes or something should it give me an error the way it is written or complete with no errors?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
140
DrB0b
DrB0b
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
141
suncit
suncit
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
84
DrB0b
DrB0b
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
129
gbaughma
gbaughma
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
88
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top