Problem

You want to enable or disable a user.

Solution

Using a graphical user interface

For a local account, do the following:

For a domain account, do the following:

Using a command-line interface

Use the net user command to enable or disable local users. The following command enables a user:

    > net user <UserName> /active:y

The following command disables the rallen user:

    > net user rallen /active:n

To enable a user in Active Directory, use the following command:

    > dsmod user <UserDN> -disabled no

For example:

    > dsmod user cn=rallen,cn=users,dc=rallencorp,dc=com -disabled no

To disable a user in Active Directory, use the following command:

    > dsmod user <UserDN> -disabled yes

Using VBScript

    ' This code enables or disables a user on a computer.
    ' ------ SCRIPT CONFIGURATION ------
    ' Set to TRUE to disable account or FALSE to enable account
    strDisableAccount = FALSE
    strUserName = "<UserName>"      ' e.g. rallen
    strComputer = "<ComputerName>"
    ' ------ END CONFIGURATION ---------

    ' Bind to the local account through the WinNT provider
    set objUser = GetObject("WinNT://" & strComputer & "/" & strUserName)
    if objUser.AccountDisabled = TRUE then
       WScript.Echo "Account for " & objUser.Name & " currently disabled"
       if strDisableAccount = FALSE then
          ' Only write when the requested state differs from the current one
          objUser.AccountDisabled = strDisableAccount
          objUser.SetInfo
          WScript.Echo "Account enabled"
       end if
    else
       WScript.Echo "Account currently enabled"
       if strDisableAccount = TRUE then
          objUser.AccountDisabled = strDisableAccount
          objUser.SetInfo
          WScript.Echo "Account disabled"
       end if
    end if

    ' This code enables or disables a user in Active Directory.
    ' ------ SCRIPT CONFIGURATION ------
    ' Set to TRUE to disable account or FALSE to enable account
    strDisableAccount = FALSE
    strUserDN = "<UserDN>"   ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
    ' ------ END CONFIGURATION ---------

    ' Bind to the directory object through the LDAP provider
    set objUser = GetObject("LDAP://" & strUserDN)
    if objUser.AccountDisabled = TRUE then
       WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"
       if strDisableAccount = FALSE then
          ' Only write when the requested state differs from the current one
          objUser.AccountDisabled = strDisableAccount
          objUser.SetInfo
          WScript.Echo "Account enabled"
       end if
    else
       WScript.Echo "Account currently enabled"
       if strDisableAccount = TRUE then
          objUser.AccountDisabled = strDisableAccount
          objUser.SetInfo
          WScript.Echo "Account disabled"
       end if
    end if

Discussion

A user's account status dictates whether she can log on to a system. When an account is disabled, the user is not allowed to log on to a workstation or access Active Directory-controlled resources. Much like the lockout status, the account status for Active Directory accounts is stored as a flag in the userAccountControl attribute (see Recipe 15.7).

Using VBScript

There is an IADsUser::AccountDisabled property that allows you to determine and change the account status of a user. Set the property to FALSE to enable an account or to TRUE to disable it.

See Also

Recipe 15.7 for more on the userAccountControl attribute
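
The Discussion notes that the account status is one flag inside userAccountControl. The PowerShell below is an added example, not code from the original recipe: it changes only that flag, so other settings on the account (such as a non-expiring password) survive a disable or enable. The function names and sample accounts are constructed for illustration, and Set-AdUserDisabled assumes a domain-joined host with rights to modify the user.

```powershell
# Added example (not from the original recipe). Flag values are the documented
# ADS_USER_FLAG constants; helper names and sample accounts are constructed.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 0x00000002
    LOCKOUT              = 0x00000010
    PASSWD_NOTREQD       = 0x00000020
    NORMAL_ACCOUNT       = 0x00000200
    DONT_EXPIRE_PASSWORD = 0x00010000
    SMARTCARD_REQUIRED   = 0x00040000
}

function Get-UacFlagNames([int]$Uac) {
    # Names of every known flag that is set in the value.
    $UacFlags.GetEnumerator() | Where-Object { $Uac -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Set-UacDisabled([int]$Uac, [bool]$Disabled) {
    # Set or clear only the ACCOUNTDISABLE bit; all other bits are preserved.
    if ($Disabled) { return $Uac -bor $UacFlags.ACCOUNTDISABLE }
    return $Uac -band (-bnot $UacFlags.ACCOUNTDISABLE)
}

function Set-AdUserDisabled([string]$UserDN, [bool]$Disabled) {
    # Read-modify-write against the directory (assumes domain access).
    $user = [adsi]"LDAP://$UserDN"
    $new  = Set-UacDisabled -Uac $user.userAccountControl.Value -Disabled $Disabled
    $user.Put('userAccountControl', $new)
    $user.SetInfo()
}

# Offline demonstration on constructed userAccountControl values.
$samples = @(
    [pscustomobject]@{ Name = 'user-a'; Uac = 512 }    # normal account, enabled
    [pscustomobject]@{ Name = 'user-b'; Uac = 514 }    # normal account, already disabled
    [pscustomobject]@{ Name = 'svc-c';  Uac = 66048 }  # normal + DONT_EXPIRE_PASSWORD
)
foreach ($s in $samples) {
    $after = Set-UacDisabled -Uac $s.Uac -Disabled $true
    [pscustomobject]@{
        Name       = $s.Name
        Before     = $s.Uac
        After      = $after
        FlagsAfter = (Get-UacFlagNames $after) -join ','
    }
}
```

Writing a fixed value such as 514 to every account would instead clear DONT_EXPIRE_PASSWORD and any other flag that was set, which is why the bit is toggled in place.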