1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
| '#==============================================================================
'#==============================================================================
'# SCRIPT.........: DisableAccounts.vbs
'# AUTHOR.........: Stuart Barrett
'# VERSION........: 1.0
'# CREATED........: 28/09/2012
'# LICENSE........: Freeware
'# REQUIREMENTS...:
'#
'# DESCRIPTION....: Disables all user accounts as specified in text file,
'# saves results to log file
'#
'# NOTES..........: Text file should be in format:
'#
'# username1
'# username2
'# etc.
'#
'# CUSTOMIZE......:
'#==============================================================================
'# REVISED BY.....:
'# EMAIL..........:
'# REVISION DATE..:
'# REVISION NOTES.:
'#==============================================================================
'#==============================================================================
strFile = "c:\users.txt"
strLogFile = "c:\disabledusers.log"
Const ForReading = 1
Const ForAppending = 8
Const ADS_UF_ACCOUNTDISABLE = &H02
intCount = 0
intDisabledCount = 0
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)
Set objLogFile = objFSO.OpenTextFile(strLogFile, ForAppending, True)
On Error Resume Next
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
Set objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strDNSDomain & ">"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
booLogging = MsgBox("This script will attempt to Disabled all user accounts as specified in the text file '" & _
strFile & "' " & vbCrLf & vbCrLf & "Would you like to append the results to the log file located at '" & _
strLogFile & "'? ", vbYesNo+vbQuestion, "Disable Accounts")
If booLogging = vbYes Then
booLogging = True
strLogMsg = "The log file can be located at: '" & strLogFile & "'"
Else booLogging = False
End If
While not objFile.AtEndOfStream
strUser = objFile.Readline
strFilter = "(sAMAccountName=" & strUser & ")"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
Set objRecordset = objCommand.Execute
Do Until objRecordset.EOF
strUserDN = objRecordset.Fields("distinguishedName").Value
objRecordset.MoveNext
Loop
objRecordset.Close
Set objUser = GetObject("LDAP://" & strUserDN)
intUACFlag = objUser.Get("UserAccountControl")
If (intUACFlag AND ADS_UF_ACCOUNTDISABLE) = 0 Then
objUser.Put "userAccountControl", 514
objUser.SetInfo
Set objUser = Nothing
If booLogging = True Then objLogFile.WriteLine Now() & vbTab & strUser & vbTab & "Disabled Account"
intCount = intCount + 1
Else
intDisabledCount = intDisabledCount + 1
strMsg = " * " & strUser & vbCrLf & strMsg
If booLogging = True Then objLogFile.WriteLine Now() & vbTab & strUser & vbTab & "Already Disabled"
End If
WEnd
If intDisabledCount <> 0 Then
WScript.Echo "Disabled " & intCount & " user accounts. " & strLogMsg & vbCrLf & vbCrLf & _
"The following accounts were already disabled: " & vbCrLf & strMsg
Else
WScript.Echo "Disabled all " & intCount & " user accounts. " & strLogMsg
End If |
Partager