Hi Guys,

I'm working on a script to enumerate OUs for disabled computer
objects. Any idea how the query should look like? The following script
can lookup for disabled user accounts. Any thoughts on how to modify
this script to lookup for disabled computer accounts??

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "<GC://dc=fabrikam,dc=com>;(objectCategory=User)" & _
        ";userAccountControl,distinguishedName;subtree"
Set objRecordSet = objCommand.Execute

intCounter = 0
Do Until objRecordset.EOF
    intUAC=objRecordset.Fields("userAccountControl")
    If intUAC AND ADS_UF_ACCOUNTDISABLE Then
        WScript.echo objRecordset.Fields("distinguishedName") & " is
disabled"
        intCounter = intCounter + 1
    End If
    objRecordset.MoveNext
Loop

Thanks in advance.

Hi,
It's easier to use dsquery like this:
dsquery computer "OU=your_ou,DC=your_domain,DC=xxx" -disabled

Show quoteHide quote

rushtosri <sridhar.ananthar***@gmail.com> wrote:
Why reinvent the wheel? Check out OldCmp at www.joeware.net.

<snip>

Because it's fun (if that's what you call it).  Sort of like Karaoke with a
live band in front of 1500 people I suppose ....
;-)

Brendan Enrick says he'll post the video;  I'm still waiting...

John


"Lanwench [MVP - Exchange]"
<lanwe***@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
Show quoteHide quote

John Fullbright <fjohn@donotspamnetappdotcom> wrote:
Youtube, baby. :)
Show quoteHide quote

Show quote Hide quote Besides oldcomp and dsquery, you can revise your VBScript solution. The
filter for computer objects is (objectCategory=computer). Rather than
returning all computer objects and testing the ADS_UF_ACCOUNTDISABLE bit of
userAccountControl, you can query for just the computer objects where that
bit is set. See below:
===========
Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes

Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strDN

Dim intCounter



' Setup ADO objects.

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection



' Search entire Active Directory domain.

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"


' Filter on disabled computer objects.
strFilter = "(&(objectCategory=computer)" _

    & "(userAccountControl:1.2.840.113556.1.4.803:=2))"



' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"



' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False



' Run the query.
Set adoRecordset = adoCommand.Execute


' Enumerate the resulting recordset.

intCount = 0
Do Until adoRecordset.EOF

    ' Retrieve values and display.
    strDN = adoRecordset.Fields("distinguishedName").Value

    Wscript.Echo strDN & " is disabled"

    intCount = intCount + 1

    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop



' Clean up.

adoRecordset.Close

adoConnection.Close



Wscript.Echo CStr(intCounter) & " computers are disabled.

Schedule Defrag through GPO (non admin)
Access protected folders using system account
If syntax for numeric values
SBS 2003 VB Scripting - Help Needed!
Script to set share permissions on home directories
help with logon vbs script
Script AD remove all members groups OU
Change Password
LDAP query fails... because of parentheses?
Script for Thunderbird configuration