Recipe 16.7. Enabling and Disabling a User AccountProblemYou want to enable or disable a user. SolutionUsing a graphical user interface
Using a command-line interfaceTo enable a user, use the following command: > dsmod user <UserDN> -disabled no To disable a user, use the following command: > dsmod user <UserDN> -disabled yes Using VBScript' This code will enable or disable a user. ' ------ SCRIPT CONFIGURATION ------ ' Set to FALSE to disable account or TRUE to enable account strDisableAccount = FALSE strUserDN = "<UserDN>" ' e.g., cn=jsmith,cn=Users,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) if objUser.AccountDisabled = TRUE then WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled" if strDisableAccount = FALSE then objUser.AccountDisabled = strDisableAccount objUser.SetInfo WScript.Echo "Account enabled" end if else WScript.Echo "Account currently enabled" if strDisableAccount = TRUE then objUser.AccountDisabled = strDisableAccount objUser.SetInfo WScript.Echo "Account disabled" end if end if DiscussionAccount status is used to control whether a user is allowed to log on. When an account is disabled, the user is not allowed to log on to her workstation with the account or access Active Directory-controlled resources. Much like the lockout status, the account status is stored as a flag in the userAccountControl attribute (see Recipe 16.9). There is an IADsUser::AccountDisabled property that allows you to determine and change the status. Set the method FALSE to enable the account or TRUE to disable. See AlsoRecipe 16.9 |