How do I find "date disabled" and "user ID" in AD

[matrix101]

Hi,

I have a script that I've been peacing together for sometime now and I'm wondering how to find the dates the users acct were disabled and how I get the user IDs to show up.

I'm posting a copy here(most of it works), currently is will pull disabled acct info and open it up to an excel spreadsheet displaying the "Last Name, First Name" but now I need to be able to pull the date the account was actually disabled, how can I do that??? whats the attribute?

Any help/advise is very much welcome!!! thx!

Const ADS_SCOPE_SUBTREE = 2
Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
objExcel.Workbooks.Add


objExcel.Cells(1, 1).Value = "Disabled Users Report"
objExcel.Cells(1, 1).Font.Bold = TRUE

Set objRange = objExcel.Range("A1","A1")
objRange.Font.Size = 12

objExcel.Cells(3, 1).Value = "Last Name"
objExcel.Cells(3, 2).Value = "First Name"
objExcel.Cells(3, 3).Value = "Date Disabled"
objExcel.Cells(3, 4).Value = "User ID"

objExcel.Cells(3, 1).Font.Bold = TRUE
objExcel.Cells(3, 2).Font.Bold = TRUE
objExcel.Cells(3, 3).Font.Bold = TRUE
objExcel.Cells(3, 4).Font.Bold = TRUE

Set objRange = objExcel.Range("A3","D3")
objRange.Font.Size = 11


Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Const ADS_UF_ACCOUNTDISABLE = 2
objCommand.CommandText = _
"SELECT userAccountControl, givenName, SN, DisabledDate, UserLogonID FROM " _
& "'LDAP://dc=corp,dc=jitb, dc=net' WHERE " _
& "objectCategory='user'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
x = 4

Do Until objRecordSet.EOF
intUAC = objRecordset.Fields("userAccountControl")
If intUAC And ADS_UF_ACCOUNTDISABLE Then

objExcel.Cells(x, 1).Value = _
objRecordSet.Fields("SN").Value
objExcel.Cells(x, 2).Value = _
objRecordSet.Fields("givenName").Value
objExcel.Cells(x, 3).Value = _
objRecordSet.Fields("DisabledDate").Value
objExcel.Cells(x, 4).Value = _
objRecordSet.Fields("UserLogonID").Value

x = x + 1

End If
objRecordSet.MoveNext
Loop

objRange.EntireColumn.Autofit()

objExcel.Cells(x+1, 1).Value = "Total Disabled Users ="

 

[dm4ever]

For AD attributes the best tool to use is ADSI Edit which is part of Win2k3 support tools.

http://www.microsoft.com/downloads/...78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en

"userlogonid" should be "SamAccountName"


--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid

 

[matrix101]

I'm a beginner here, should I just try to plug "SamAccountName" into the script or do I need to do anything else? Thanks.

 

[dm4ever]

Yes, replace everywhere you have UserLogonID with SamAccountName and I don't believe there is a DisabledDate or anything similar to this...the closest thing would be to see when the account was last modified, but this does not necessarily mean when it was disabled.

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid

 

[markdmac]

I suggest that when you disable an account you either note it in the Description field, or any other unused field or create a custom property in the schema to track this and populate it at the time you disable the account.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.