VB Script to isolate inactive computer accounts in AD - Simple Version

Discussion in 'Scripting' started by Eric Wu, Sep 1, 2004.

  1. Eric Wu

    Eric Wu Guest

    Hi All,
    Following is my script and part of the instructions, in a simple version. Hope
    this is helpful for you. Thank you for your time, and sorry for my bad
    English.

    best regards,

    Eric wu
    Senior Engineer
    IT Div. , Alphanetworks Taiwan
    E-mail:



    '' This script is designed to find inactive computer accounts in a specified
    '' AD domain.
    '' Once it finds inactive computer accounts, it will move them to a specified
    '' OU.
    '' The "Inactive" condition is based on the "PwdLastChange" property of the
    '' computer object.
    '' A domain member computer will change its password every 30 days by
    '' default, unless you disable this feature
    '' on an individual computer or through group policy. If you disabled this
    '' feature on most computers in your domain,
    '' don't use this script to clear inactive computer accounts in your AD
    '' domain.
    '' Any suggestion or feedback will be greatly appreciated.
    '' If it finds the time difference is less than the specified value, it will
    '' move the account back to the default Computers container.
    '' You must create the OU before you run this script.
    '' Writer:
    '' Eric wu
    '' Senior Engineer
    '' IT Div. , Alphanetworks Taiwan
    '' E-mail: or



    Option Explicit
    On Error Resume Next
    Const ADS_SCOPE_SUBTREE = 2
    Dim objConnection, objCommand, objRecordSet, objNewOU, objComputer, objOriComputer
    Dim strDomain
    Dim strDestOU
    Dim intConfirm
    Dim intDuration
    strDomain="DC=nwtraders,DC=com,DC=tw" 'Write your domain here
    strDestOU="OU=InactiveComputers" 'Write your OU here
    intDuration = 45 'Default is 45 days, if you want to delete inactive computer
    'accounts, please use 60
    'Also, please back up your AD before you delete these accounts manually!

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"

    Set objCommand.ActiveConnection = objConnection
    'Retrieve all computer objects in the specified domain
    objCommand.CommandText = "Select Name,DistinguishedName from 'LDAP://" & _
        strDomain & _
        "' where objectClass='computer'"
    objCommand.Properties("Page Size") = 1500
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    objCommand.Properties("Cache Results") = False

    Set objRecordSet = objCommand.Execute
    'Failed when domain name error.
    If Err.Number <> 0 Then Wscript.Quit


    Set objNewOU = GetObject("LDAP://" & strDestOU & "," & strDomain)
    'Failed when specified OU does not exist.
    If Err.Number <> 0 Then Wscript.Quit

    'Used when move computer accounts back to default computers container
    Set objOriComputer = GetObject("LDAP://CN=Computers," & strDomain)


    objRecordSet.MoveFirst
    Dim dtmValue, intDateDiff, intSuccessCount, intErrorCount, intNotMoveCount, intMoveBack, objMoveComputer
    intSuccessCount = 0
    intErrorCount = 0
    intNotMoveCount = 0
    intMoveBack = 0

    Do While Not objRecordSet.EOF
        'Retrieve each computer object and get PasswordLastChanged property.
        Err.Clear
        Set objComputer = GetObject("LDAP://" & _
            objRecordSet.Fields("DistinguishedName").Value)
        dtmValue = CDate(objComputer.PasswordLastChanged)

        If Err.Number <> 0 Then
            'The password date could not be read. Count it as an error and skip
            'this account, so the value left over from the previous computer is
            'never used to decide a move.
            intErrorCount = intErrorCount + 1
        Else
            'Check time difference by day (CLng avoids an overflow on very old dates).
            intDateDiff = CLng(Now - dtmValue)

            If intDateDiff > intDuration Then
                'Try to move computer object if not in specified OU.
                If InStr(UCase(objRecordSet.Fields("DistinguishedName").Value), _
                    UCase(strDestOU) & ",") = 0 Then
                    Set objMoveComputer = objNewOU.MoveHere _
                        ("LDAP://" & _
                        objRecordSet.Fields("DistinguishedName").Value, "CN=" & _
                        objRecordSet.Fields("Name").Value)
                    If Err.Number = 0 Then
                        intSuccessCount = intSuccessCount + 1
                    Else
                        intErrorCount = intErrorCount + 1
                    End If
                Else
                    intNotMoveCount = intNotMoveCount + 1
                End If
            Else
                'Try to move computer account back to the default Computers
                'container if time difference is less than specified value
                If InStr(UCase(objRecordSet.Fields("DistinguishedName").Value), _
                    UCase(strDestOU) & ",") <> 0 Then
                    Set objMoveComputer = objOriComputer.MoveHere _
                        ("LDAP://" & _
                        objRecordSet.Fields("DistinguishedName").Value, "CN=" & _
                        objRecordSet.Fields("Name").Value)
                    If Err.Number = 0 Then
                        intMoveBack = intMoveBack + 1
                    Else
                        intErrorCount = intErrorCount + 1
                    End If
                End If
            End If
        End If

        objRecordSet.MoveNext
        Err.Clear
    Loop

    Wscript.Echo "Move Result:" & Chr(13) & _
        intSuccessCount & " computer(s) moved successfully, " & intErrorCount & _
        " Failed." & Chr(13) & _
        intNotMoveCount & " is already in specified OU, " & intMoveBack & _
        " moved back to default computers container."
     
    Eric Wu, Sep 1, 2004
    #1
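
Added example, not part of the original post: a PowerShell dry-run planner for the same move / move-back decision, run over constructed records instead of a live domain. It goes slightly beyond the script above by matching the exact parent container instead of a DN substring and by flagging accounts with no recorded password change. The function names, action labels and sample hosts are hypothetical, and `pwdLastSet` is assumed to arrive as the raw FILETIME integer.

```powershell
# Added example, not from the original post. Dry run only: it returns the
# planned action per computer and changes nothing in the directory.
function Get-ParentDN([string]$DN) {
    # Drop the leading RDN; the lookbehind skips commas escaped as "\,".
    ($DN -split '(?<!\\),', 2)[1]
}

function Get-StaleComputerPlan {
    param(
        [object[]]$Computers,     # objects with DistinguishedName and pwdLastSet
        [string]$QuarantineOU,    # full DN of the holding OU
        [int]$MaxAgeDays = 45,    # same default as intDuration in the post
        [datetime]$Now = [datetime]::UtcNow
    )
    foreach ($c in $Computers) {
        # Exact parent match, so a same-named OU elsewhere does not count.
        $inOU = (Get-ParentDN $c.DistinguishedName) -ieq $QuarantineOU
        $age  = $null
        if ([long]$c.pwdLastSet -le 0) {
            $action = 'Review'    # no password-change time recorded: report only
        } else {
            $changed = [datetime]::FromFileTimeUtc([long]$c.pwdLastSet)
            $age = [int][math]::Floor(($Now - $changed).TotalDays)
            if ($age -gt $MaxAgeDays) {
                $action = if ($inOU) { 'AlreadyInOU' } else { 'MoveToOU' }
            } else {
                $action = if ($inOU) { 'MoveBack' } else { 'Keep' }
            }
        }
        [pscustomobject]@{ DistinguishedName = $c.DistinguishedName; AgeDays = $age; Action = $action }
    }
}

# Constructed sample records (hypothetical hosts in the post's example domain).
$now  = [datetime]::new(2004, 9, 1, 0, 0, 0, [DateTimeKind]::Utc)
$base = 'DC=nwtraders,DC=com,DC=tw'
$rec  = { param($rdn, $days) [pscustomobject]@{
    DistinguishedName = "$rdn,$base"; pwdLastSet = $now.AddDays(-$days).ToFileTimeUtc() } }
$sample = @(
    (& $rec 'CN=PC01,CN=Computers' 10)
    (& $rec 'CN=PC02,CN=Computers' 90)
    (& $rec 'CN=PC03,OU=InactiveComputers' 5)
    (& $rec 'CN=PC04,OU=InactiveComputers' 120)
    (& $rec 'CN=PC05,OU=InactiveComputers,OU=Branch' 90)
    [pscustomobject]@{ DistinguishedName = "CN=PC06,CN=Computers,$base"; pwdLastSet = 0 }
)
Get-StaleComputerPlan -Computers $sample -QuarantineOU "OU=InactiveComputers,$base" -Now $now |
    Format-Table -AutoSize
```

In a live domain the input records could come from `Get-ADComputer -Filter * -Properties pwdLastSet` (ActiveDirectory module), and the planned moves can be reviewed before anything is changed.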