Active directory can be a bit of a beast if not managed and maintained correctly. Using this code in a .vbs file you can output all currently disabled accounts.
You may want to expand this by using the file system object to output to a file?
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
Const ADS_UF_ACCOUNTDISABLE = 2 Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection objCommand.CommandText = _ "<gc: //dc=yourdomain,dc=com>;(objectCategory=User)" & _ ";userAccountControl,distinguishedName;subtree" Set objRecordSet = objCommand.Execute intCounter = 0 Do Until objRecordset.EOF </gc:> |