
Managing AD Account State

Sometimes a situation arises where an AD account is enabled or disabled by mistake, or earlier than required. With a lot of companies using automated solutions for managing this, reverting the change can take time. Such urgent situations can be handled with scripts that automatically revert the change to the account (enable/disable) every x minutes. All you need to do is schedule the scripts below to run every x minutes as per your requirements and keep the input files updated with the IDs to act on. Once the changes are permanently fixed, remove the IDs from the input files. Create two .txt files in, say, the C:\Temp\ folder to act as input files: one for the enable script and one for the disable script (as written, the scripts below read C:\Temp\Userlistenable.txt and C:\Temp\Userlist.txt respectively). Populate the relevant file with the required samAccountNames.

Enable IDs:

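' Enable script, main run.
' Reads C:\Temp\Userlistenable.txt (one samAccountName per line; anything
' after the first comma is ignored) and hands each name to DisableEmp, which
' in this script re-enables the account. Names that were actually changed
' are appended to C:\Temp\EnabledIDs.txt by Outfile.
'
' NOTE(review): this script changes account state for whatever names appear
' in the input file, with the rights of the account running the scheduled
' task. Keep write access to the input file and its folder limited to the
' administrators who maintain the list, and retain EnabledIDs.txt as the
' change record.
Option Explicit

Dim oFSO, sFile, oFile, sText, aLine, sAccount
' Globals used by the procedures below (Outfile, DisableUser, GetUserDN).
Dim oFiletxt, objTrans, strUserDN, objUser

Set oFSO = CreateObject("Scripting.FileSystemObject")

' 8 = ForAppending, True = create the file if it does not exist.
' No error trapping here: if the change log cannot be opened the run stops
' before any account is touched.
Set oFiletxt = oFSO.OpenTextFile("C:\Temp\EnabledIDs.txt", 8, True)

sFile = "C:\Temp\Userlistenable.txt"
If oFSO.FileExists(sFile) Then
    Set oFile = oFSO.OpenTextFile(sFile, 1)   ' 1 = ForReading
    Do While Not oFile.AtEndOfStream
        sText = oFile.ReadLine
        aLine = Split(sText, ",")
        ' Split("") yields an empty array, so test the bound before indexing.
        If UBound(aLine) >= 0 Then
            sAccount = Trim(aLine(0))
            If sAccount <> "" Then
                ' Trap errors only around the per-account work, so one bad
                ' name is reported and skipped instead of being silently
                ' ignored along with every other failure in the script.
                On Error Resume Next
                Err.Clear
                DisableEmp sAccount
                If Err.Number <> 0 Then
                    WScript.Echo "Could not process " & sAccount & ": 0x" & _
                        Hex(Err.Number) & " " & Err.Description
                    Err.Clear
                End If
                On Error GoTo 0
            End If
        End If
    Loop
    oFile.Close
Else
    WScript.Echo "The file was not there."
End If

' Flush and release the change log.
oFiletxt.Close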
' Looks up the short (NetBIOS) name of the current domain via ADSystemInfo
' and passes the account name on to DisableUser. Despite its name, in this
' script the call chain ends up enabling the account.
'   NumericID - account name taken from the input file.
Sub DisableEmp(NumericID)
    Dim objADInfo, strShortDomain, strAccount
    strAccount = NumericID
    Set objADInfo = CreateObject("ADSystemInfo")
    strShortDomain = objADInfo.DomainShortName
    DisableUser strAccount, strShortDomain
End Sub
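' Enables the account DomainName\UserName if it is currently disabled and
' records the name through Outfile. An account that is already enabled is
' left untouched and nothing is logged.
' The Sub keeps the name DisableUser, but strDisableAccount = False below
' makes it the ENABLE operation in this script.
'   UserName   - account name (the part after "DOMAIN\").
'   DomainName - NetBIOS domain name.
' There is no local error handler: a failed name lookup, bind or SetInfo
' is raised to the caller.
Sub DisableUser(UserName, DomainName)
    Dim strDisableAccount, strAdsPath
    strUserDN = GetUserDN(UserName, DomainName)
    strDisableAccount = False
    ' ------ END CONFIGURATION ---------
    ' ADSI treats "/" as a path separator, so a "/" inside the DN must be
    ' escaped or the bind fails or resolves the wrong path.
    strAdsPath = "LDAP://" & Replace(strUserDN, "/", "\/")
    Set objUser = GetObject(strAdsPath)
    If objUser.AccountDisabled = True Then
        objUser.AccountDisabled = strDisableAccount
        objUser.SetInfo          ' commit the change to the directory
        Outfile UserName         ' log only accounts that were changed
    End If
End Sub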
' Translates DOMAIN\account into the account's distinguished name using the
' NameTranslate COM object and returns that DN.
'   strUserName - account name.
'   strDomain   - NetBIOS domain name.
' Also leaves the translator in the global objTrans and the DN in the global
' strUserDN, as before.
Function GetUserDN(strUserName, strDomain)
    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_1779 = 1      ' distinguished name
    Const ADS_NAME_TYPE_NT4 = 3       ' DOMAIN\account

    Set objTrans = CreateObject("NameTranslate")
    With objTrans
        .Init ADS_NAME_INITTYPE_DOMAIN, strDomain
        .Set ADS_NAME_TYPE_NT4, strDomain & "\" & strUserName
        strUserDN = .Get(ADS_NAME_TYPE_1779)
    End With
    GetUserDN = strUserDN
End Function
' Appends one account name as a line to the change log held in the global
' oFiletxt (opened at the top of the script).
'   EnaUser - account name that was just enabled.
Sub Outfile(EnaUser)
    Call oFiletxt.WriteLine(EnaUser)
End Sub

Disable IDs:

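' Disable script, main run.
' Reads C:\Temp\Userlist.txt (one samAccountName per line; anything after
' the first comma is ignored) and hands each name to DisableEmp, which
' disables the account. Names that were actually changed are appended to
' C:\Temp\DisabledIDs.txt by Outfile.
'
' NOTE(review): this script disables whatever accounts are named in the
' input file, with the rights of the account running the scheduled task.
' Keep write access to the input file and its folder limited to the
' administrators who maintain the list, and retain DisabledIDs.txt as the
' change record.
Option Explicit

Dim oFSO, sFile, oFile, sText, aLine, sAccount
' Globals used by the procedures below (Outfile, DisableUser, GetUserDN).
Dim oFiletxt, objTrans, strUserDN, objUser

Set oFSO = CreateObject("Scripting.FileSystemObject")

' 8 = ForAppending, True = create the file if it does not exist.
' No error trapping here: if the change log cannot be opened the run stops
' before any account is touched.
Set oFiletxt = oFSO.OpenTextFile("C:\Temp\DisabledIDs.txt", 8, True)

sFile = "C:\Temp\Userlist.txt"
If oFSO.FileExists(sFile) Then
    Set oFile = oFSO.OpenTextFile(sFile, 1)   ' 1 = ForReading
    Do While Not oFile.AtEndOfStream
        sText = oFile.ReadLine
        aLine = Split(sText, ",")
        ' Split("") yields an empty array, so test the bound before indexing.
        If UBound(aLine) >= 0 Then
            sAccount = Trim(aLine(0))
            If sAccount <> "" Then
                ' Trap errors only around the per-account work, so one bad
                ' name is reported and skipped instead of being silently
                ' ignored along with every other failure in the script.
                On Error Resume Next
                Err.Clear
                DisableEmp sAccount
                If Err.Number <> 0 Then
                    WScript.Echo "Could not process " & sAccount & ": 0x" & _
                        Hex(Err.Number) & " " & Err.Description
                    Err.Clear
                End If
                On Error GoTo 0
            End If
        End If
    Loop
    oFile.Close
Else
    WScript.Echo "The file was not there."
End If

' Flush and release the change log.
oFiletxt.Close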
' Looks up the short (NetBIOS) name of the current domain via ADSystemInfo
' and passes the account name on to DisableUser.
'   NumericID - account name taken from the input file.
Sub DisableEmp(NumericID)
    Dim objADInfo, strShortDomain, strAccount
    strAccount = NumericID
    Set objADInfo = CreateObject("ADSystemInfo")
    strShortDomain = objADInfo.DomainShortName
    DisableUser strAccount, strShortDomain
End Sub
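' Disables the account DomainName\UserName if it is currently enabled and
' records the name through Outfile. An account that is already disabled is
' left untouched and nothing is logged.
'   UserName   - account name (the part after "DOMAIN\").
'   DomainName - NetBIOS domain name.
' There is no local error handler: a failed name lookup, bind or SetInfo
' is raised to the caller.
Sub DisableUser(UserName, DomainName)
    Dim strDisableAccount, strAdsPath
    strUserDN = GetUserDN(UserName, DomainName)
    strDisableAccount = True
    ' ------ END CONFIGURATION ---------
    ' ADSI treats "/" as a path separator, so a "/" inside the DN must be
    ' escaped or the bind fails or resolves the wrong path.
    strAdsPath = "LDAP://" & Replace(strUserDN, "/", "\/")
    Set objUser = GetObject(strAdsPath)
    If objUser.AccountDisabled = False Then
        objUser.AccountDisabled = strDisableAccount
        objUser.SetInfo          ' commit the change to the directory
        Outfile UserName         ' log only accounts that were changed
    End If
End Sub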
' Translates DOMAIN\account into the account's distinguished name using the
' NameTranslate COM object and returns that DN.
'   strUserName - account name.
'   strDomain   - NetBIOS domain name.
' Also leaves the translator in the global objTrans and the DN in the global
' strUserDN, as before.
Function GetUserDN(strUserName, strDomain)
    Const ADS_NAME_INITTYPE_DOMAIN = 1
    Const ADS_NAME_TYPE_1779 = 1      ' distinguished name
    Const ADS_NAME_TYPE_NT4 = 3       ' DOMAIN\account

    Set objTrans = CreateObject("NameTranslate")
    With objTrans
        .Init ADS_NAME_INITTYPE_DOMAIN, strDomain
        .Set ADS_NAME_TYPE_NT4, strDomain & "\" & strUserName
        strUserDN = .Get(ADS_NAME_TYPE_1779)
    End With
    GetUserDN = strUserDN
End Function
' Appends one account name as a line to the change log held in the global
' oFiletxt (opened at the top of the script).
'   EnaUser - account name that was just disabled.
Sub Outfile(EnaUser)
    Call oFiletxt.WriteLine(EnaUser)
End Sub

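This can be scheduled on one of the domain controllers. Because the scheduled task changes account state for whatever names appear in the input files, restrict write access on those files (and on the folder holding them) to the administrators who maintain the lists, and run the task under an account that has been delegated only the rights needed to enable and disable the users concerned.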
