Monday, 25 November 2013

VBScript to Disable Active Directory User Account

Description:

In this article, I am going to explain and write vbscript  code to Disable Active Directory user account using user's objectguid, samAccountName and distinguishedname and also Disable Bulk AD Users from CSV File using vbscript.

Note: You should run this vbscript code on a machine with windows Active Directory domain.

Summary:


VBScript to Disable Active Directory user by DistinguishedName

1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserDN with your own user's DN which you are going to disable.
3. Save the file with a .vbs extension, for example: Disable-AD-User.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' Disable-AD-User.vbs
' Sample VBScript to disable Active Directory user
' Author: http://www.morgantechspace.com/
' ------------------------------------------------------' 
Option Explicit
Dim strUserDN
Dim objUser 

strUserDN= "CN=TestUser,OU=TestOU1,DC=MyDomain,DC=Com"
Set objUser = GetObject("LDAP://"& strUserDN) 
objUser.AccountDisabled = True
objUser.SetInfo

MsgBox("AD user disabled successfully using VBScript code.")

WScript.Quit 

VBScript to Disable Active Directory user using by ObjectGUID

1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserGUID with your own user's ObjectGUID string which you are going to disable.
3. Save the file with a .vbs extension, for example: DisableADUserWithGUID.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' DisableADUserWithGUID.vbs
' Sample VBScript to disable AD user with ObjectGUID
' Author: http://www.morgantechspace.com/
' ------------------------------------------------------' 
Option Explicit
Dim strUserGUID
Dim objUser 

strUserGUID= "A777394D-0B5C-4FD2-BDDC-B12DDFB570A4"
Set objUser = GetObject("LDAP://<guid="& struserguid&">")
objUser.AccountDisabled = True
objUser.SetInfo

MsgBox("AD user disabled successfully using VBScript code.")

WScript.Quit 

VBScript to Disable AD User Account by samAccountName

1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserName with your own user's samAccountName which you are going to disable.
3. Save the file with a .vbs extension, for example: DisableADUserWithsamAccountName.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' DisableADUserWithsamAccountName.vbs
' Sample VBScript to disable AD user .
' Author: http://www.morgantechspace.com/
' ------------------------------------------------------' 

Option Explicit
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes
Dim objRootDSE, varDNSDomain, strQuery, adoRecordset,strUserDN
Dim strSamAccountName,objUser

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")

varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"

strSamAccountName="Test"

' Filter on user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(samaccountname="& strSamAccountName &"))"

' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values and display.
    strUserDN = adoRecordset.Fields("distinguishedname").value
    Set objUser = GetObject("LDAP://"& strUserDN) 
        objUser.AccountDisabled = True
        objUser.SetInfo

    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

  If strUserDN = "" then
      Msgbox "No user found with the name '"& strSamAccountName &"'"
    Else  Msgbox "The user '"& strSamAccountName &"' disabled successfully..."
   end if

' close ado connections.
adoRecordset.Close
adoConnection.Close

VBScript to Disable Bulk AD users From CSV File

1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Save the file with a .vbs extension, for example: DisableBulkADUsersFromCSV.vbs
3. Change the CSV file path C:\Users\Administrator\Desktop\All_Users.csv with your own file path.
4. Double-click the VBScript file (or Run this file from command window) to disable Bulk AD users from CSV file.

Note: Your CSV file (All_Users.csv)  should contains the column objectguid as a first column, otherwise you need to change the index value 0 to other value ---> csvUserFields(0)... which depends on your column index of objectguid in CSV file

VBScript to Disable Bulk AD users From CSV File using VBScript
' DisableBulkADUsersFromCSV.vbs
' Sample VBScript to Disable AD Users from CSV file .
' Author: http://www.morgantechspace.com/
' ------------------------------------------------------' 

Option Explicit

Dim strUserGUID,objUser 

' Variables needed for CSV File Information
Dim varFileName,objFSO,objFile,csvUserFields
Const ForReading = 1

' Specify the csv file full path.
varFileName = "C:\Users\Administrator\Desktop\All_Users.csv"

' Open the file for reading.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(varFileName, ForReading)

' Read the first line - csv columns -not needed for our proceess
objFile.ReadLine

' Skip the error if the user doesn't exist.....
on error resume next

' Read the file and create new user.
Do Until objFile.AtEndOfStream
    ' Splits prioperty values.
    csvUserFields = Split(objFile.ReadLine,",")

' All_Users.csv file should contains the column objectguid as first column
' Otherwise you need change the index value 0 to other value here...csvUserFields(0)...
' which depends on your column index of objectguid in CSV file.

     strUserGUID =  csvUserFields(0)
 Set objUser = GetObject("LDAP://<GUID="& strUserGUID &">")
     objUser.AccountDisabled = True
     objUser.SetInfo
Loop

MsgBox("Bulk AD Users Disabled from CSV file using VBScript.")

WScript.Quit 

Advertisements
Advertisements

No comments:

Post a Comment