Computer Disabled?

TheMSsForum.com: The Microsoft Software Forum

Is there a way to find all the disabled computer is AD?
Top

Re: Computer Disabled? by Richard

Richard
Tue Jan 20 13:10:55 CST 2004

Nabu wrote:

> Is there a way to find all the disabled computer is AD?

Hi,

Best would be to use ADO to search AD for all computer objects with the
appropriate bit of the userAccountControl attribute set to indicate that the
account is disabled. The filter would be (watch line wrapping):

(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803=2))

For disabled users accounts, the filter would be:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.11355
6.1.4.803=2))

The complete code could be as below. This is designed to be run at a command
prompt with the cscript host. The output should be redirected to a text
file. In the example code below I output both the sAMAccountName (the
NetBIOS name, or NT name of the computer) and the Distinguished Name:

Option Explicit

Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strDN, stNTName

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strDNSDomain & ">"

strFilter = "(&(objectCategory=computer)" _
& "(userAccountControl:1.2.840.113556.1.4.803=2))"
strAttributes = "distinguishedName,sAMAccountName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName")
strNTName = objRecordSet.Fields("sAMAccountName")
Wscript.Echo strNTName & " - " & strDN
objRecordSet.MoveNext
Loop

' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing

--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--


Top

Re: Computer Disabled? by Nabu

Nabu
Tue Jan 20 20:29:12 CST 2004

Thanks, I will give it a try.

I have notice the property useraccountcontrol before, but I have not been
able to find any documentation on it. Do you know were I can find some?

"Richard Mueller [MVP]" <rlmueller-NOSPAM@ameritech.NOSPAM.net> wrote in
message news:%23CJ4lm43DHA.2700@tk2msftngp13.phx.gbl...
> Nabu wrote:
>
> > Is there a way to find all the disabled computer is AD?
>
> Hi,
>
> Best would be to use ADO to search AD for all computer objects with the
> appropriate bit of the userAccountControl attribute set to indicate that
the
> account is disabled. The filter would be (watch line wrapping):
>
> (&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803=2))
>
> For disabled users accounts, the filter would be:
>
>
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.11355
> 6.1.4.803=2))
>
> The complete code could be as below. This is designed to be run at a
command
> prompt with the cscript host. The output should be redirected to a text
> file. In the example code below I output both the sAMAccountName (the
> NetBIOS name, or NT name of the computer) and the Distinguished Name:
>
> Option Explicit
>
> Dim objRootDSE, strDNSDomain, objCommand, objConnection
> Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
> Dim strDN, stNTName
>
> ' Determine DNS domain name.
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> ' Use ADO to search Active Directory.
> Set objCommand = CreateObject("ADODB.Command")
> Set objConnection = CreateObject("ADODB.Connection")
> objConnection.Provider = "ADsDSOObject"
> objConnection.Open "Active Directory Provider"
> objCommand.ActiveConnection = objConnection
> strBase = "<LDAP://" & strDNSDomain & ">"
>
> strFilter = "(&(objectCategory=computer)" _
> & "(userAccountControl:1.2.840.113556.1.4.803=2))"
> strAttributes = "distinguishedName,sAMAccountName"
> strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
> objCommand.CommandText = strQuery
> objCommand.Properties("Page Size") = 100
> objCommand.Properties("Timeout") = 30
> objCommand.Properties("Cache Results") = False
> Set objRecordSet = objCommand.Execute
>
> Do Until objRecordSet.EOF
> strDN = objRecordSet.Fields("distinguishedName")
> strNTName = objRecordSet.Fields("sAMAccountName")
> Wscript.Echo strNTName & " - " & strDN
> objRecordSet.MoveNext
> Loop
>
> ' Clean up.
> objConnection.Close
> Set objRootDSE = Nothing
> Set objCommand = Nothing
> Set objConnection = Nothing
> Set objRecordSet = Nothing
>
> --
> Richard
> Microsoft MVP Scripting and ADSI
> HilltopLab web site - http://www.rlmueller.net
> --
>
>


Top

Re: Computer Disabled? by Richard

Richard
Wed Jan 21 11:56:43 CST 2004

Nabu wrote:

> I have notice the property useraccountcontrol before, but I have not been
> able to find any documentation on it. Do you know were I can find some?

Hi,

Example code:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sas_usr_hhdp.asp

Documentation of the bits of userAccountControl:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/ads_user_flag_enum.asp

--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--


Top