AD User query to find old user accounts and feed into script to delete said accounts. VBS Scripts maybe?

  • Question

  • Hello,

    I recently came across some scripts that would allow me to query AD to find users that had last logged on on or before a specified date. I figured out where to change the domain name, etc. in the script to parse DCs in my environment and the date for last logon. My difficulty lies in placement of the command to append a file in the script, being that it is a loop. (I will provide the sample code below.) My goal is to properly build and modify the script specific to my environment, have the query place its contents in a file (CSV?), and then run a second script to read the CSV file and from it delete said accounts from AD. Here goes the last logon date script:

    On Error Resume Next

    ' ADSI search scope constant (not predefined in VBScript)
    Const ADS_SCOPE_SUBTREE = 2

    ' Cutoff date: accounts that last logged on on or before this date are listed
    dtmLogonDate = "10/1/2007"

    ' Read the local time zone bias (in minutes) from the registry
    Set objShell = CreateObject("Wscript.Shell")
    lngTimeZoneBias = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
      & "TimeZoneInformation\ActiveTimeBias")
    If UCase(TypeName(lngTimeZoneBias)) = "LONG" Then
      lngFinalBias = lngTimeZoneBias
    ElseIf UCase(TypeName(lngTimeZoneBias)) = "VARIANT()" Then
      lngFinalBias = 0
      For k = 0 To UBound(lngTimeZoneBias)
        lngFinalBias = lngFinalBias + (lngTimeZoneBias(k) * 256^k)
      Next
    End If

    ' Convert the cutoff to UTC, then to 100-nanosecond intervals since 1/1/1601,
    ' which is how the lastLogon attribute is stored
    dtmNewDate = DateAdd("n", lngFinalBias, dtmLogonDate)
    lngSeconds = DateDiff("s", #1/1/1601#, dtmNewDate)
    strModifiedLogonDate = CStr(lngSeconds) & "0000000"

    ' Open an ADO connection through the ADSI provider
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    ' Note: lastLogon is not replicated between domain controllers, so the
    ' result reflects only the DC that answers this query
    objCommand.CommandText = _
        "SELECT Name FROM 'LDAP://dc=Universal-Outcomes,dc=com' WHERE objectClass='user' " & _
            "AND lastlogon<='" & strModifiedLogonDate & "'"
    Set objRecordSet = objCommand.Execute

    ' Walk the result set one record at a time
    Do Until objRecordSet.EOF
        Wscript.Echo objRecordSet.Fields("Name").Value
        objRecordSet.MoveNext
    Loop

    ****That is the script that I have to query AD to get the last logon date or before for the date of 10/1/2007. Would I put the command on the line that reads [Wscript.Echo objRecordSet.Fields("Name").Value] right at the end to send the results or append results to a .CSV file? Then how would I take the output and feed it into another script that will read the .CSV file and delete said accounts. Here is the sample script I found for deleting users from AD

    Set objOU = GetObject("LDAP://ou=hr,dc=fabrikam,dc=com")


    objOU.Delete "user", "cn=MyerKen"

    This script, from my examination of it, will only delete one user in the domain. Is there any way to feed results of first script into second script to achieve the results I anticipate? Thank you much for any and all help that can be provided. My environment is comprised of 2k3 servers and XP clients.

    Wednesday, August 5, 2009 11:07 PM
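
One way to connect the two scripts in the question, as an added example that is not part of the original post: the query loop writes each account's distinguished name as a quoted CSV row, and a second pass reads the reviewed file and deletes each entry. It assumes the query is changed to select distinguishedName instead of Name; the file name stale_users.csv, the DRY_RUN switch and the helper names are hypothetical, and the sample DN is constructed from the one in the question.

```vbscript
Option Explicit
Const ForReading = 1, ForWriting = 2
Const CSV_PATH = "stale_users.csv"   ' hypothetical output file
Const DRY_RUN = True                 ' True: only report what would be deleted
Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")

' DNs contain commas, so each DN is written as one quoted CSV field.
Function CsvQuote(strValue)
    CsvQuote = """" & Replace(strValue, """", """""") & """"
End Function
Function CsvUnquote(strLine)         ' reverse of CsvQuote for a one-column row
    Dim s : s = Trim(strLine)
    If Len(s) >= 2 And Left(s, 1) = """" And Right(s, 1) = """" Then
        s = Replace(Mid(s, 2, Len(s) - 2), """""", """")
    End If
    CsvUnquote = s
End Function

' Step 1 (export): in the query script this WriteLine goes inside the
' Do Until loop; constructed DNs stand in for the recordset here.
Sub ExportStale(arrDNs)
    Dim objFile, strDN
    Set objFile = objFSO.OpenTextFile(CSV_PATH, ForWriting, True)
    objFile.WriteLine "distinguishedName"
    For Each strDN In arrDNs
        objFile.WriteLine CsvQuote(strDN)
    Next
    objFile.Close
End Sub

' Step 2 (delete): run only after the CSV has been reviewed.
Sub DeleteFromCsv()
    Dim objFile, strDN, objUser, objParent
    Set objFile = objFSO.OpenTextFile(CSV_PATH, ForReading)
    objFile.SkipLine                              ' header row
    Do Until objFile.AtEndOfStream
        strDN = CsvUnquote(objFile.ReadLine)
        If strDN = "" Then                        ' blank row left by an editor: skip
        ElseIf DRY_RUN Then
            WScript.Echo "Would delete: " & strDN
        Else
            Set objUser = GetObject("LDAP://" & strDN)
            Set objParent = GetObject(objUser.Parent)
            objParent.Delete "user", objUser.Name ' Name is the RDN, e.g. CN=MyerKen
        End If
    Loop
    objFile.Close
End Sub
ExportStale Array("CN=MyerKen,OU=hr,DC=fabrikam,DC=com")  ' constructed sample
DeleteFromCsv
```

Because lastLogon is not replicated between domain controllers, a single-DC query can list accounts that logged on recently elsewhere, so review the CSV before setting DRY_RUN to False.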