Recipe 6.12 Enabling and Disabling a User

6.12.1 Problem

You want to enable or disable a user.

6.12.2 Solution

6.12.2.1 Using a graphical user interface
  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Type the name of the user beside Name and click Find Now.

  5. In the Search Results, right-click on the user and select Enable Account to enable or Disable Account to disable.

  6. Click OK.

6.12.2.2 Using a command-line interface

To enable a user, use the following command:

> dsmod user <UserDN> -disabled no

To disable a user, use the following command:

> dsmod user <UserDN> -disabled yes
6.12.2.3 Using VBScript
' This code will enable or disable a user. ' ------ SCRIPT CONFIGURATION ------ ' Set to FALSE to disable account or TRUE to enable account strDisableAccount = FALSE   strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) if objUser.AccountDisabled = TRUE then    WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"    if strDisableAccount = FALSE then       objUser.AccountDisabled = strDisableAccount       objUser.SetInfo       WScript.Echo "Account enabled"    end if else    WScript.Echo "Account currently enabled"    if strDisableAccount = TRUE then       objUser.AccountDisabled = strDisableAccount       objUser.SetInfo       WScript.Echo "Account disabled"    end if end if

6.12.3 Discussion

Account status is used to control if a user is allowed to log on or not. When an account is disabled, the user is not allowed to log on to her workstation with the account or access AD controlled resources. Much like the lockout status, the account status is stored as a flag in the userAccountControl attribute (see Recipe 6.24).

There is an IADsUser::AccountDisabled property that allows you to determine and change the status. Set the method FALSE to enable the account or TRUE to disable.

6.12.4 See Also

Recipe 6.13 for finding disabled users, and Recipe 6.24 for more on the userAccountControl attribute



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net