
Check if a list of user IDs exist/disabled

Author
28 Apr 2009 1:36 PM
Tom
Hello

I have a list of users & I would like to check via a script if their
IDs exist in Active Directory & whether these IDs have been disabled.
Thanks

Author
28 Apr 2009 1:52 PM
Mathieu CHATEAU
Hello,

Do you mean sAMAccountName or SID?

PsGetSid from Sysinternals is your friend:
http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx



Regards,
Mathieu CHATEAU
French blog: http://www.lotp.fr
English blog: http://lordoftheping.blogspot.com


Tom wrote:
> Hello
>
> I have a list of users & I would like to check via a script if their
> IDs exist in Active Directory & whether these IDs have been disabled.
> Thanks
Author
28 Apr 2009 3:47 PM
Tom1
On Apr 28, 9:52 am, Mathieu CHATEAU <gollum***@free.fr> wrote:
> Hello,
>
> Do you mean sAMAccountName or SID?
>
> PsGetSid from Sysinternals is your friend: http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx
>
> Regards,
> Mathieu CHATEAU
> French blog: http://www.lotp.fr
> English blog: http://lordoftheping.blogspot.com
>
> Tom wrote:
>
> > Hello
> >
> > I have a list of users & I would like to check via a script if their
> > IDs exist in Active Directory & whether these IDs have been disabled.
> > Thanks

But how would I check if their IDs (samaccounts) have been disabled
via a script?
Author
28 Apr 2009 5:10 PM
Richard Mueller [MVP]
"Tom" <usernetu***@yahoo.com> wrote in message
news:de24e323-581c-4bd4-82a0-d0670d75322d@r31g2000prh.googlegroups.com...
> Hello
>
> I have a list of users & I would like to check via a script if their
> IDs exist in Active Directory & whether these IDs have been disabled.
> Thanks

If the list of users is a text file, one name per line, and the names are
the "pre-Windows 2000 logon" names, it would be most efficient to use the
IADsNameTranslate interface in a VBScript program to check for existence by
attempting to convert into the Distinguished Name. However, you would then
need to bind to the user object to find out if the account is disabled.
Overall, it might be best to use ADO to search AD for each user. The ADO
query can retrieve the value of the userAccountControl attribute, which will
indicate if the user is enabled. For example (not tested):
===========
Option Explicit

Dim objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strUserDN, strFile, objFSO, objFile, strName, lngFlag

Const ForReading = 1
Const ADS_UF_ACCOUNTDISABLE = &H02

' Specify text file of user "pre-Windows 2000 logon" names.
strFile = "c:\scripts\users.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"

' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,userAccountControl"

adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Read each line of the file.
Do Until objFile.AtEndOfStream
    strName = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strName <> "") Then
        ' Search for user.
        strFilter = "(&(objectCategory=person)(objectClass=user)" _
            & "(sAMAccountName=" & strName & "))"

        ' Construct the LDAP query.
        strQuery = strBase & ";" & strFilter & ";" _
            & strAttributes & ";subtree"

        ' Run the query.
        adoCommand.CommandText = strQuery
        Set adoRecordset = adoCommand.Execute

        If (adoRecordset.EOF = True) Then
            Wscript.Echo "User " & strName & " does not exist."
        End If

        ' Enumerate the resulting recordset.
        Do Until adoRecordset.EOF
            ' Retrieve values.
            strUserDN = adoRecordset.Fields("distinguishedName").Value
            lngFlag = CLng(adoRecordset.Fields("userAccountControl").Value)
            If (lngFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
                Wscript.Echo "User " & strUserDN & " is disabled."
            Else
                Wscript.Echo "User " & strUserDN & " is NOT disabled."
            End If
            adoRecordset.MoveNext
        Loop
        adoRecordset.Close
    End If
Loop

' Clean up.
objFile.Close
adoConnection.Close

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
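
The per-name check from the script above, as an added Python example that is not part of Richard Mueller's post: it escapes each name per RFC 4515 before placing it in the same filter, so a line such as `*` is looked up literally instead of acting as a wildcard, and it applies the same ADS_UF_ACCOUNTDISABLE bit test. The `search` callable, the helper names and the sample directory are assumptions constructed for illustration; no directory is contacted.

```python
# Added example: `search` is a hypothetical stand-in for the ADO/LDAP query.
ADS_UF_ACCOUNTDISABLE = 0x0002  # same userAccountControl bit the VBScript tests
# RFC 4515: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape one value so it is matched literally, not parsed as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(sam_account_name):
    """Same filter as the VBScript, with the name escaped before concatenation."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(sAMAccountName=" + escape_filter_value(sam_account_name) + "))")

def check_names(lines, search):
    """Return {name: 'missing' | 'disabled' | 'enabled'} for each non-blank line."""
    # `search` (assumed): filter string -> list of (distinguishedName, userAccountControl).
    report = {}
    for line in lines:
        name = line.strip()
        if not name:
            continue  # skip blank lines, as the VBScript does
        rows = search(build_user_filter(name))
        if not rows:
            report[name] = "missing"
            continue
        # Some LDAP clients return userAccountControl as a string; normalise to int.
        flags = int(rows[0][1])
        report[name] = "disabled" if flags & ADS_UF_ACCOUNTDISABLE else "enabled"
    return report

# Constructed sample directory (not real accounts): 512 = normal, 514 = normal + disabled.
SAMPLE_DIRECTORY = {
    build_user_filter("jsmith"): [("CN=John Smith,OU=Staff,DC=example,DC=com", 512)],
    build_user_filter("akhan"): [("CN=A Khan,OU=Staff,DC=example,DC=com", "514")],
}

def sample_search(ldap_filter):
    """In-memory lookup used only to exercise check_names offline."""
    return SAMPLE_DIRECTORY.get(ldap_filter, [])

if __name__ == "__main__":
    print(check_names(["jsmith", "akhan", "", "*", "ghost"], sample_search))
```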