help disabling expired user accounts in AD

  • Question

  • I'm looking for a bit of help here... I'm trying to create a VB script that looks for all user accounts that have expired before today and disables them. After a LOT of scrounging the interwebs I've been able to scrape together the below VB script that lists all the expired user accounts that are still active, so now I'm trying to have it take the found accounts and disable them

    Option Explicit
    
    Dim dtmAdjusted, lngSeconds, str64Bit
    Dim objShell, lngBiasKey, lngBias, k
    Dim objRootDSE, strDNSDomain, objConnection, objRecordset, objUser
    Dim strBase, strFilter, strAttributes, strQuery, strDN, strAttributes1, strAttributes2, strAttributes3
    
    ' Obtain local Time Zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
    If UCase(TypeName(lngBiasKey)) = "LONG" Then
        lngBias = lngBiasKey
    ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If
    
    ' Convert current date/time value to UTC.
    dtmAdjusted = DateAdd("n", lngBias, Now)
    
    ' Find number of seconds since 1/1/1601.
    lngSeconds = DateDiff("s", #1/1/1601#, dtmAdjusted)
    
    ' Convert the number of seconds to a string
    ' and convert to 100-nanosecond intervals.
    str64Bit = CStr(lngSeconds) & "0000000"
    
    ' Determine DNS domain name.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    
    ' Use ADO to search Active Directory.
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objRecordset = CreateObject("ADODB.Recordset")
    objRecordset.ActiveConnection = objConnection
    
    ' Search entire domain.
    strBase = "<LDAP://dc=globalgiving,dc=local>"
    
    ' Filter on expired user accounts.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
    & "(accountExpires<=" & str64Bit & ")(!accountExpires=0)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
    
    ' Retrieve the sAMAccountName of each match.
    strAttributes = "sAMAccountName"
    
    ' Use ADO to query AD.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    objRecordset.Source = strQuery
    objRecordset.Open
    
    ' Enumerate expired user accounts.
    Do Until objRecordSet.EOF
        strDN = objRecordSet.Fields("sAMAccountName")
        Wscript.Echo strDN
        objRecordSet.MoveNext
    Loop
    
    ' Clean up.
    objRecordset.Close
    objConnection.Close
    Set objRootDSE = Nothing
    Set objConnection = Nothing
    Set objRecordSet = Nothing

    I tried adding: 

    strDN.AccountDisabled = True 
    strDN.SetInfo

    but I get :

    (66, 1) Microsoft VBScript runtime error: Object required: 'jtest'

    jtest is one of the test accounts I have on my AD.

    Any suggestions or pointers anyone can give me? I found a 4 line power script that does exactly what I want, but power script isn't an option for me :(

    Friday, April 11, 2014 8:31 PM

Answers

  • Start with this:

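    'change this
    ' Retrieve the ADsPath of each user object
    strAttributes = "aDSPath,sAMAccountName"

    ' Enumerate expired user accounts.
    Dim account   ' must be declared because the script uses Option Explicit
    Do Until objRecordSet.EOF
         ' Bind to the user object; the recordset field is only a string
         Set account = GetObject(objRecordSet.Fields("aDSPath").Value)
         Wscript.Echo account.SamAccountName
         account.AccountDisabled = True
         account.SetInfo   ' write the change back to AD
         objRecordSet.MoveNext
    Loop
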
    ¯\_(ツ)_/¯

    • Proposed as answer by jrv Friday, April 11, 2014 10:22 PM
    • Marked as answer by Jcasanas Saturday, April 12, 2014 1:16 AM
    Friday, April 11, 2014 10:22 PM
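
The question's search and the answer's disable loop combined into one script, as an added example that is not code from the thread: it only reports unless run with a `/apply` switch, pages the query so more than the directory's default 1000-result limit can be returned, and logs each failed bind or write instead of aborting. The `/apply` switch name and the page size of 500 are assumptions, and the time-zone bias is assumed to be readable as a number, as in the question's script.

```vbscript
Option Explicit
' Added example: dry run by default; run "cscript script.vbs /apply" to actually disable.
Dim blnApply, objShell, lngBias, str64Bit, objRootDSE, strBase, strFilter
Dim objConnection, objCommand, objRecordset, objUser, strPath, strName

blnApply = WScript.Arguments.Named.Exists("apply")   ' hypothetical switch name

' Current UTC time as 100-nanosecond intervals since 1/1/1601 (same method as the question).
Set objShell = CreateObject("WScript.Shell")
lngBias = objShell.RegRead("HKLM\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias")
str64Bit = CStr(DateDiff("s", #1/1/1601#, DateAdd("n", lngBias, Now))) & "0000000"

' Search the current domain for expired accounts that are still enabled.
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
strFilter = "(&(objectCategory=person)(objectClass=user)(accountExpires<=" & str64Bit & ")" _
    & "(!accountExpires=0)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = strBase & ";" & strFilter & ";aDSPath,sAMAccountName;subtree"
objCommand.Properties("Page Size") = 500   ' enable paging; 500 is an arbitrary choice
Set objRecordset = objCommand.Execute

Do Until objRecordset.EOF
    strPath = objRecordset.Fields("aDSPath").Value
    strName = objRecordset.Fields("sAMAccountName").Value
    If blnApply Then
        On Error Resume Next          ' one failing account must not stop the run
        Set objUser = GetObject(strPath)
        If Err.Number = 0 Then
            objUser.AccountDisabled = True
            objUser.SetInfo           ' fails here if the caller lacks write permission
        End If
        If Err.Number = 0 Then
            WScript.Echo "DISABLED " & strName
        Else
            WScript.Echo "FAILED   " & strName & " (0x" & Hex(Err.Number) & ") " & Err.Description
        End If
        Err.Clear
        On Error GoTo 0
    Else
        WScript.Echo "WOULD DISABLE " & strName
    End If
    objRecordset.MoveNext
Loop
objRecordset.Close
objConnection.Close
```

Running it without `/apply` first gives a list to review before any account is changed, and redirecting the output to a file keeps a record of what was disabled and what failed.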

All replies

  • jrv - Thank you sooo much... I knew it was something simple I was missing
    Saturday, April 12, 2014 1:17 AM
  • jrv - Thank you sooo much... I knew it was something simple I was missing

    You were close.

    You are welcome.  Good luck.


    ¯\_(ツ)_/¯

    Saturday, April 12, 2014 1:25 AM