Searching through Active Directory for disabled accounts can be tedious.
This is why I created a script to shorten this process.
It will search through an OU and write all disabled accounts to a file.
———-COPY EVERYTHING BELOW THIS LINE———-
'Created July 21 2006 By Chey Harden
Const ADS_UF_ACCOUNTDISABLE = 2
Const OPEN_FILE_FOR_WRITING = 2
strFile = "disabled.txt"
strDirectory = "\\SERVER\files\Scripts\"
strWritePath = strDirectory & strFile
'#########
'Create the output file if it does not exist yet
Set objFSO1 = CreateObject("Scripting.FileSystemObject")
If Not objFSO1.FileExists(strWritePath) Then
    Set objFile = objFSO1.CreateTextFile(strWritePath)
    'Wscript.Echo "Just created " & strWritePath
    'Close the handle so the file can be reopened for writing below
    objFile.Close
End If
'#########
'Open the output file; any previous contents are overwritten
Set fso = CreateObject("Scripting.FileSystemObject")
Set textFile = fso.OpenTextFile(strWritePath, OPEN_FILE_FOR_WRITING)
'Query the directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
'Without paging the provider stops after the first 1000 objects
objCommand.Properties("Page Size") = 1000
'Put AD info here: should be dc=DOMAIN,dc=com (or org, or local)
objCommand.CommandText = "<GC://dc=MY_DOMAIN,dc=com>;(objectCategory=User)" & _
    ";userAccountControl,distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
intCounter = 0
While Not objRecordSet.EOF
    intUAC = objRecordSet.Fields("userAccountControl").Value
    'Bit 2 of userAccountControl is set when the account is disabled
    If intUAC And ADS_UF_ACCOUNTDISABLE Then
        'WScript.Echo objRecordSet.Fields("distinguishedName").Value & " is disabled"
        textFile.WriteLine objRecordSet.Fields("distinguishedName").Value
        intCounter = intCounter + 1
    End If
    objRecordSet.MoveNext
Wend
textFile.Close
WScript.Echo vbCrLf & "A total of " & intCounter & " accounts are disabled."
objConnection.Close
WScript.Echo "Done..."
WScript.Quit
———-COPY EVERYTHING ABOVE THIS LINE———-
PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR NOTEPAD!!!
*Make sure you replace all instances of \\SERVER\files\Scripts\ with your UNC Server path that you want to log to.
*Make sure that you have write ability to the file path.
*Make sure you also replace <GC://dc=MY_DOMAIN,dc=com> with your domain information.
Example: Domain.local would mean <GC://dc=Domain,dc=local>
This information is provided “AS IS” with no warranties expressed or implied.
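
An added example, not part of the original script: the same report in PowerShell, with the disabled-bit test moved into the LDAP filter (the LDAP_MATCHING_RULE_BIT_AND matching rule, OID 1.2.840.113556.1.4.803) so that only disabled accounts come back from the directory. The search base and output path reuse the placeholders from the script above; the parameter names are assumptions.

```powershell
# Added example, not the original author's code.
# -SearchBase and -OutFile are hypothetical parameter names; their defaults
# are the same placeholders the VBScript uses and must be replaced.
param(
    [string]$SearchBase = 'GC://dc=MY_DOMAIN,dc=com',
    [string]$OutFile    = '\\SERVER\files\Scripts\disabled.txt'
)

$ADS_UF_ACCOUNTDISABLE = 2

# userAccountControl:1.2.840.113556.1.4.803:=2 matches objects whose
# userAccountControl has the ACCOUNTDISABLE bit set. The objectClass=user
# clause keeps contact objects out of the result.
$filter = '(&(objectCategory=person)(objectClass=user)' +
          "(userAccountControl:1.2.840.113556.1.4.803:=$ADS_UF_ACCOUNTDISABLE))"

$root     = New-Object System.DirectoryServices.DirectoryEntry($SearchBase)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.PageSize    = 1000   # paged search, so results are not cut off at 1000
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$results = $searcher.FindAll()
try {
    # Collect the distinguished names and sort them so that successive
    # reports can be compared line by line.
    $dns = @(
        foreach ($r in $results) { [string]$r.Properties['distinguishedname'][0] }
    ) | Sort-Object

    Set-Content -LiteralPath $OutFile -Value @($dns) -Encoding UTF8
    "A total of $(@($dns).Count) accounts are disabled."
}
finally {
    # SearchResultCollection holds unmanaged resources until disposed.
    $results.Dispose()
    $root.Dispose()
}
```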