
Help updating VBS to disable AD domain admin users


meckeard

Aug 17, 2001
Hi all,

I've had the following script that disables AD users but my requirements have recently changed. I now need to disable any active accounts but only if they are in the 'Domain Admin' group.

My script is below. What can I add to my If statement to check the group the user is in?

Thanks!

Const sInactiveUsersOU = "LDAP://ou=Disabled Accounts,DC=corp,DC=somebank,DC=com"

Set objOU = GetObject(sInactiveUsersOU)

'-- Only enumerate user objects directly under the OU
objOU.Filter = Array("user")

For Each objUser In objOU
    '-- If it's enabled, disable it
    If objUser.AccountDisabled = False Then
        objUser.AccountDisabled = True
        objUser.Put "description", "##### Disabled by system " & Now
        objUser.SetInfo
    End If
Next

Set objOU = Nothing
Set objUser = Nothing
 
I think you are going about this a bad way. Just bind to the Admin group and enumerate through its members. Why check every user that logs in?

Be very careful that when coding this you don't accidentally remove the Administrator account from Domain Admins or you will not be able to manage your domain.

To be honest, since you are only talking about a single group, I would just open that group up in ADUC and manually look at the memberships.

I hope you find this post helpful.

Regards,

Mark

 
markdmac,

How can I bind to that particular user group?

TIA.
 
Bind to a group and display the members:

Code:
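' Note: this suppresses all runtime errors, including a failed bind
On Error Resume Next

' Bind to the group by its distinguished name
Set objGroup = GetObject _
  ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo

' "member" holds the distinguished names of the group's direct members
arrMemberOf = objGroup.GetEx("member")

WScript.Echo "Members:"
For Each strMember In arrMemberOf
    WScript.Echo strMember
Next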

I hope you find this post helpful.

Regards,

Mark
 
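Combining the two approaches in this thread, as an added example that is not code from any of the posters: bind to the group, walk its direct members, and disable only enabled user accounts under the Disabled Accounts OU, skipping the built-in Administrator (RID 500) that the reply above warns about. The group DN (default CN=Users container), the DRY_RUN switch, the use of the Members collection instead of GetEx("member"), and the helper names InTargetOU and GetRid are assumptions made for this sketch.

```vbscript
Option Explicit

' Assumed DNs: the OU comes from the original post; the group location
' (default CN=Users container) is an assumption. Adjust for your domain.
Const OU_DN    = "ou=Disabled Accounts,DC=corp,DC=somebank,DC=com"
Const GROUP_DN = "CN=Domain Admins,CN=Users,DC=corp,DC=somebank,DC=com"
Const DRY_RUN  = True   ' report only; set to False to actually disable

Dim objGroup, objMember, strDN

Set objGroup = GetObject("LDAP://" & GROUP_DN)

' Members returns direct members only: nested groups are not expanded and
' accounts whose *primary* group is Domain Admins are not listed.
For Each objMember In objGroup.Members
    If LCase(objMember.Class) = "user" Then
        strDN = objMember.Get("distinguishedName")
        If Not InTargetOU(strDN) Then
            ' Outside the target OU: leave the account alone
        ElseIf GetRid(objMember) = 500 Then
            WScript.Echo "SKIP built-in Administrator: " & strDN
        ElseIf objMember.AccountDisabled = False Then
            WScript.Echo "DISABLE: " & strDN
            If Not DRY_RUN Then
                objMember.AccountDisabled = True
                objMember.Put "description", "##### Disabled by system " & Now
                objMember.SetInfo
            End If
        End If
    Else
        WScript.Echo "NOT A USER (review manually): " & objMember.ADsPath
    End If
Next

' True when the DN lies under OU_DN (case-insensitive suffix match, so
' accounts in child OUs are included as well).
Function InTargetOU(strDN)
    InTargetOU = (LCase(Right(strDN, Len(OU_DN) + 1)) = "," & LCase(OU_DN))
End Function

' Relative ID = last four bytes of objectSid, little-endian.
' RID 500 is the built-in Administrator, even if it has been renamed.
Function GetRid(objAD)
    Dim sid, n
    sid = objAD.Get("objectSid")
    n = LenB(sid)
    GetRid = AscB(MidB(sid, n - 3, 1)) + 256 * AscB(MidB(sid, n - 2, 1)) _
           + 65536 * AscB(MidB(sid, n - 1, 1)) + 16777216 * AscB(MidB(sid, n, 1))
End Function
```

Run it with cscript.exe and review the DISABLE lines before switching DRY_RUN to False.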