Post by Tom
Hello
I have a list of users & I would like to check via a script if their
IDs exist in Active Directory & whether these IDs have been disabled.
Thanks
If the list of users is a text file, one name per line, and the names are
the "pre-Windows 2000 logon" names, it would be most efficient to use the
IADsNameTranslate interface in a VBScript program to check for existence by
attempting to convert into the Distinguished Name. However, you would then
need to bind to the user object to find out if the account is disabled.
Overall, it might be best to use ADO to search AD for each user. The ADO
query can retrieve the value of the userAccountControl attribute, which will
indicate if the user is enabled. For example (not tested):
===========
Option Explicit
Dim objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strUserDN, strFile, objFSO, objFile, strName, lngFlag
Const ForReading = 1
Const ADS_UF_ACCOUNTDISABLE = &H02

' Specify text file of user "pre-Windows 2000 logon" names.
strFile = "c:\scripts\users.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"

' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,userAccountControl"

adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Read each line of the file.
Do Until objFile.AtEndOfStream
    strName = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strName <> "") Then
        ' Search for user.
        strFilter = "(&(objectCategory=person)(objectClass=user)" _
            & "(sAMAccountName=" & strName & "))"

        ' Construct the LDAP query.
        strQuery = strBase & ";" & strFilter & ";" _
            & strAttributes & ";subtree"

        ' Run the query.
        adoCommand.CommandText = strQuery
        Set adoRecordset = adoCommand.Execute

        If (adoRecordset.EOF = True) Then
            Wscript.Echo "User " & strName & " does not exist."
        End If

        ' Enumerate the resulting recordset.
        Do Until adoRecordset.EOF
            ' Retrieve values.
            strUserDN = adoRecordset.Fields("distinguishedName").Value
            lngFlag = CLng(adoRecordset.Fields("userAccountControl").Value)
            If (lngFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
                Wscript.Echo "User " & strUserDN & " is disabled."
            Else
                Wscript.Echo "User " & strUserDN & " is NOT disabled."
            End If
            adoRecordset.MoveNext
        Loop
        adoRecordset.Close
    End If
Loop

' Clean up.
objFile.Close
adoConnection.Close
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
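
Added example, not part of the original post: the script places each line of the text file directly into the LDAP filter, so a line containing `*`, `(`, `)` or `\` changes what the filter matches. The helper below escapes those characters per RFC 4515 before the filter is built; the function names and the sample names are assumptions made for this illustration.

```vbscript
Option Explicit

' Constructed sample lines standing in for users.txt (not real accounts).
Dim arrNames, strName
arrNames = Array("jsmith", "*", "o(brien)", "svc\backup")

' Print each input line next to the filter that would be sent to AD.
For Each strName In arrNames
    Wscript.Echo strName & " -> " & BuildUserFilter(strName)
Next

' Escape the characters that RFC 4515 reserves inside a filter value.
' The backslash is replaced first so the escapes added afterwards
' are not escaped a second time.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    EscapeLdapFilterValue = strOut
End Function

' Build the same filter the script above uses, with the name escaped
' (hypothetical helper, named here for the example).
Function BuildUserFilter(strSam)
    BuildUserFilter = "(&(objectCategory=person)(objectClass=user)" _
        & "(sAMAccountName=" & EscapeLdapFilterValue(strSam) & "))"
End Function
```

In the script above, passing `EscapeLdapFilterValue(strName)` instead of `strName` when building `strFilter` makes a line such as `*` search for that literal name rather than return every user in the domain.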