Archived from groups: microsoft.public.win2000.active_directory (
More info?)
The following vbscript code should be a good starting point. Make sure you
change the XXX, YYY, ZZZ to your specific base DN.
'------------------------------------------------------------------
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
cmdText =
"<LDAP://DC=XXX,DC=YYY,DC=ZZZ>;(objectCategory=person);sAMAccountName,userAc
countControl;subtree"
objCommand.CommandText = cmdText
Set rs = objCommand.Execute
While not rs.EOF
Wscript.echo rs("sAMAccountName"), Hex(rs("userAccountControl"))
rs.MoveNext
Wend
'-------------------------------------------------------------------
NOTE that disabled users will show up as having "2" as the last Hex digit in
userAccountControl
"KurtL" <KL_OExpress@spamex.com> wrote in message
news:%23FLbsmgNFHA.2520@tk2msftngp13.phx.gbl...
> Thank you for this information. However, I am not knowledgeable enough to
> know how to use it. Is there a script that I would use to do the query?
>
> "Ato Bisda" <atobisda@gmail.com> wrote in message
> news:%23tiG6fgNFHA.2580@TK2MSFTNGP09.phx.gbl...
> > You need to look at 2 fields: "userAccountControl" and "whenChanged"
> >
> > A 0x2 in userAccountControl indicates a disabled account. "whenChanged"
> > should tell you when the account was disabled.
> >
> > "Kurt Levitan" <KL_OExpress@spamex.com> wrote in message
> > news:O1Eq9WgNFHA.2384@tk2msftngp13.phx.gbl...
> >> Is there a way to query when a user account was disabled?
> >> I need to generate a list of all accounts that were disabled over 30
days
> >> ago and then delete them.
> >>
> >> Thanks!
> >> - Kurt
> >>
> >>
> >
> >
>
>
Facebook
Twitter
Instagram