Recipe 6.13 Finding Disabled Users

6.13.1 Problem

You want to find disabled users in a domain.

6.13.2 Solution Using a graphical user interface
  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, connect to the domain you want to query.

  3. Right-click on the domain and select Find.

  4. Beside Find, select Common Queries.

  5. Check the box beside "disabled accounts."

  6. Click the Find Now button. Using a command-line interface
> dsquery user <DomainDN> -disabled Using VBScript
' This code finds all disabled user accounts in a domain. ' ------ SCRIPT CONFIGURATION ------ strDomainDN = "<DomainDN>"    ' e.g. dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- strBase   = "<LDAP://" & strDomainDN & ">;" strFilter = "(&(objectclass=user)(objectcategory=person)" & _              "(useraccountcontrol:1.2.840.113556.1.4.803:=2));"  strAttrs  = "name;" strScope  = "subtree" set objConn = CreateObject("ADODB.Connection") objConn.Provider = "ADsDSOObject" objConn.Open "Active Directory Provider" set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope) objRS.MoveFirst while Not objRS.EOF     Wscript.Echo objRS.Fields(0).Value     objRS.MoveNext wend

6.13.3 Discussion

Users in Active Directory can either be enabled or disabled. A disabled user cannot log in to the domain. Unlike account lockout, which is an automatic process that is based on the number of times a user incorrectly enters a password, an account has to be manually enabled or disabled.

All disabled user accounts have the bit that represents 2 (0010) set in their userAccountControl attribute. This doesn't mean that the attribute will be equal to 2, it just means that the bit that equals 2 will be enabled other bits may also be set. See Recipe 4.9 and Recipe 4.12 for a more detailed explanation of bit flags.

6.13.4 See Also

Recipe 6.12 for enabling and disabling users

Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: