Disable Inactive users

Discussion in 'Scripting' started by Joseph, Nov 27, 2006.

  1. Joseph

    Joseph Guest

    Howdy List,

    I have this script modified to disable 30 days inactive users, but the code
    i copied on technet seems won't work, any help would be appreciated.


    Option Explicit

    Dim objRootDSE, strConfig, objConnection, objCommand, strQuery
    Dim objRecordSet, objDC
    Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
    Dim strDN, dtmDate, objDate, lngDate, objList, strUser
    Dim strBase, strFilter, strAttributes, lngHigh, lngLow
    Dim strDisplayName, strUserInfo, strkey, colkeys

    '------------------------------------------------------------------
    ' Use a dictionary object to track latest lastLogon for each user.
    '------------------------------------------------------------------


    Set objList = CreateObject("Scripting.Dictionary")
    objList.CompareMode = vbTextCompare


    '-------------------------------------------------------------------
    ' Obtain local Time Zone bias from machine registry.
    '-------------------------------------------------------------------

    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
    If UCase(TypeName(lngBiasKey)) = "LONG" Then
    lngBias = lngBiasKey
    ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
    lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
    End If

    '--------------------------------------------------------------------
    ' Determine configuration context and DNS domain from RootDSE object.
    '----------------------------------------------------------------------

    Set objRootDSE = GetObject("LDAP://RootDSE")
    strConfig = objRootDSE.Get("configurationNamingContext")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    '--------------------------------------------------------------------
    ' Use ADO to search Active Directory for ObjectClass nTDSDSA.
    ' This will identify all Domain Controllers.
    '--------------------------------------------------------------------

    Set objCommand = CreateObject("ADODB.Command")
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    objCommand.ActiveConnection = objConnection

    strBase = "<LDAP://" & strConfig & ">"
    strFilter = "(objectClass=nTDSDSA)"
    strAttributes = "AdsPath"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

    objCommand.CommandText = strQuery
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 60
    objCommand.Properties("Cache Results") = False

    Set objRecordSet = objCommand.Execute


    '----------------------------------------------------------------------
    ' Enumerate parent objects of class nTDSDSA. Save Domain Controller
    ' AdsPaths in dynamic array arrstrDCs.
    '----------------------------------------------------------------------

    k = 0
    Do Until objRecordSet.EOF
    Set objDC = _
    GetObject(GetObject(objRecordSet.Fields("AdsPath")).Parent)
    ReDim Preserve arrstrDCs(k)
    arrstrDCs(k) = objDC.DNSHostName
    k = k + 1
    objRecordSet.MoveNext
    Loop


    '----------------------------------------------------------------------
    ' Retrieve lastLogon attribute for each user on each Domain Controller.
    '----------------------------------------------------------------------

    For k = 0 To Ubound(arrstrDCs)
    strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
    strFilter = "(& (objectCategory=person)(objectClass=user))"

    strAttributes = "distinguishedName,lastLogon,displayName"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes _
    & ";subtree"
    objCommand.CommandText = strQuery
    On Error Resume Next

    Set objRecordSet = objCommand.Execute
    If Err.Number <> 0 Then
    On Error GoTo 0
    Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
    Else
    On Error GoTo 0
    Do Until objRecordSet.EOF
    'strDisplayName = objRecordSet.Fields("displayName")
    strDN = objRecordSet.Fields("distinguishedName")
    lngDate = objRecordSet.Fields("lastLogon")
    'strUserInfo = strDN & ", " & strDisplayName
    strUserInfo = strDN
    On Error Resume Next

    Set objDate = lngDate
    If Err.Number <> 0 Then
    On Error GoTo 0
    dtmDate = #1/1/1601#
    Else
    On Error GoTo 0
    lngHigh = objDate.HighPart
    lngLow = objDate.LowPart
    If lngLow < 0 Then
    lngHigh = lngHigh + 1
    End If
    If (lngHigh = 0) And (lngLow = 0 ) Then
    dtmDate = #1/1/1601#
    Else
    dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
    + lngLow)/600000000 - lngBias)/1440
    End If
    End If

    If objList.Exists(strUserInfo) Then
    If dtmDate > objList(strUserInfo) Then
    objList(strUserInfo) = dtmDate
    End If
    Else
    objList.Add strUserInfo, dtmDate
    End If
    objRecordSet.MoveNext
    Loop
    End If
    Next


    '--------------------------------------------
    ' For each user check for 30 day's threshold
    ' and disable for every user that didn't meet
    ' the threshold.
    ' Output latest lastLogon date for each user.
    ' Set to TRUE to disable account or FALSE to enable account
    '-----------------------------------------------------------


    Const ADS_UF_ACCOUNTDISABLE = 2


    For Each strUser In objList

    If Date - objList(strUser) >= 30 Then

    'Wscript.Echo strUser & " ; " & objList(strUserInfo)

    '====================== Doesn't work from here ======================

    'Set objUser = GetObject("LDAP://strUser")
    'intUAC = objUser.Get("userAccountControl")

    'objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
    'objUser.SetInfo

    '======================= Till here ===============================
    Wscript.Echo strUser


    End If

    Next





    '-----------------------------------------
    ' Clean up.
    '-----------------------------------------
    objConnection.Close
    Set objRootDSE = Nothing
    Set objConnection = Nothing
    Set objCommand = Nothing
    Set objRecordSet = Nothing
    Set objDC = Nothing
    Set objDate = Nothing
    Set objList = Nothing
    Set objShell = Nothing

    '--------------------8<----------------------
     
    Joseph, Nov 27, 2006
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.