Question : Move disabled accounts to specific OU

Hi,

I found this script by chandru_sol. It should move all the disabled users of a domain into the desired OU.

My question: when the OU is within this domain, does the script copy the disabled user of this OU into itself?
Dim objConnection, objCommand, objRootDSE
Dim strDNSDomain, strFilter, strQuery, objRecordSet, strDN
Dim strOUpath,objNewOU,objUser
Dim intFlag

Const ADS_UF_ACCOUNTDISABLE = &H02

' Use ADO to search the domain for all users.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=person)(objectClass=user))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";distinguishedName,userAccountControl;subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False

' Enumerate all users. Check if account disabled.
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
	strDN = objRecordSet.Fields("distinguishedName")
	intFlag = objRecordSet.Fields("userAccountControl")
	If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
		Set objUser = GetObject("LDAP://" & strDN)
		Set objNewOU = GetObject("LDAP://ou=Disabled Accounts," & objRootDSE.Get("defaultNamingContext"))
		objNewOU.MoveHere objUser.ADsPath, vbNullString
	Else
	End If
	objRecordSet.MoveNext
Loop

' Clean up
objConnection.Close
Wscript.Echo "Done"
Wscript.quit

Answer : Move disabled accounts to specific OU

Hi there,

This should do that. I have created an array called arrOUs that only lists the two OUs you have circled, and I have modified the part that specifies the 03-DISABLED-USERS OU to match your structure.

I am assuming that MWZ-FM.COM is the same current domain that your computer is on?  If not, and you are on a different domain, then uncomment this line:

'strDNSDomain = "DC=MWZ-FM,DC=COM"

by removing the apostrophe at the front, and then the script will point specifically to that domain.

Regards,

Rob.
Dim objConnection, objCommand, objRootDSE  
Dim strDNSDomain, strFilter, strQuery, objRecordSet, strDN 
Dim strOUpath,objNewOU,objUser
Dim intFlag  
Const ADS_UF_ACCOUNTDISABLE = &H02  
' Use ADO to search the domain for all users.  
Set objConnection = CreateObject("ADODB.Connection")  
Set objCommand = CreateObject("ADODB.Command")  
objConnection.Provider = "ADsDSOOBject"  
objConnection.Open "Active Directory Provider"  
Set objCommand.ActiveConnection = objConnection  
' Determine the DNS domain from the RootDSE object.  
Set objRootDSE = GetObject("LDAP://RootDSE")  
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
'strDNSDomain = "DC=MWZ-FM,DC=COM"
strFilter = "(&(objectCategory=person)(objectClass=user))"  

' Each string must have a trailing comma
arrOUs = Array( _
	"OU=11-USERS,", _
	"OU=12-EXCHANGE USER MIGRIERT," _
	)

For Each strOU In arrOUs
	strQuery = "<LDAP://" & strOU & strDNSDomain & ">;" & strFilter & ";distinguishedName,userAccountControl;subtree"  
	objCommand.CommandText = strQuery  
	objCommand.Properties("Page Size") = 100  
	objCommand.Properties("Timeout") = 30  
	objCommand.Properties("Cache Results") = False  
	' Enumerate all users. Check if account disabled.  
	Set objRecordSet = objCommand.Execute
	Do Until objRecordSet.EOF  
		strDN = objRecordSet.Fields("distinguishedName")  
		intFlag = objRecordSet.Fields("userAccountControl")  
		If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then 
			Set objUser = GetObject("LDAP://" & strDN)
			Set objNewOU = GetObject("LDAP://OU=03-DISABLED-USERS,OU=93-DISABLED-OBJECTS," & strDNSDomain)
			objNewOU.MoveHere objUser.ADsPath, vbNullString
		End If  
		objRecordSet.MoveNext  
	Loop  
Next
' Clean up
objConnection.Close  
Wscript.Echo "Done"
Wscript.quit
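
A variant that addresses the original question directly, as an added example that is not code from either poster: it lets the directory server select disabled accounts with the bitwise-AND matching rule, skips any account already under the target OU, and only reports what it would move until the dry-run switch is turned off. The constant DRY_RUN and the helper IsUnderOU are hypothetical names introduced here; the OU names are the ones used in the answer above.

```vbscript
Option Explicit
' Added example. DRY_RUN and IsUnderOU are illustrative names, not part of the thread's script.
Const DRY_RUN = True   ' assumption: report only; set to False to actually move accounts
Dim objRootDSE, strDNSDomain, strTargetDN, objTargetOU
Dim objConnection, objCommand, objRecordSet
Dim arrOUs, strOU, strDN, strFilter, intMoved, intSkipped

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strTargetDN = "OU=03-DISABLED-USERS,OU=93-DISABLED-OBJECTS," & strDNSDomain
Set objTargetOU = GetObject("LDAP://" & strTargetDN)   ' bind once, outside the loops

' Server-side filter: matching rule 1.2.840.113556.1.4.803 is a bitwise AND,
' and bit 2 of userAccountControl is ACCOUNTDISABLE.
strFilter = "(&(objectCategory=person)(objectClass=user)" & _
            "(userAccountControl:1.2.840.113556.1.4.803:=2))"

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100

' Each string must have a trailing comma; an empty string "" searches the whole domain.
arrOUs = Array("OU=11-USERS,", "OU=12-EXCHANGE USER MIGRIERT,")
intMoved = 0 : intSkipped = 0
For Each strOU In arrOUs
    objCommand.CommandText = "<LDAP://" & strOU & strDNSDomain & ">;" & strFilter & _
                             ";distinguishedName;subtree"
    Set objRecordSet = objCommand.Execute
    Do Until objRecordSet.EOF
        strDN = objRecordSet.Fields("distinguishedName").Value
        If IsUnderOU(strDN, strTargetDN) Then
            intSkipped = intSkipped + 1   ' already in the target OU: leave it alone
        Else
            WScript.Echo "Move: " & strDN
            If Not DRY_RUN Then objTargetOU.MoveHere "LDAP://" & strDN, vbNullString
            intMoved = intMoved + 1
        End If
        objRecordSet.MoveNext
    Loop
    objRecordSet.Close
Next
objConnection.Close
WScript.Echo "Candidates: " & intMoved & ", already in target OU: " & intSkipped

' True when strObjectDN ends with "," & strOUDN (case-insensitive comparison).
Function IsUnderOU(strObjectDN, strOUDN)
    IsUnderOU = (LCase(Right(strObjectDN, Len(strOUDN) + 1)) = LCase("," & strOUDN))
End Function
```

The skip branch only fires when a search base contains the target OU, which is the whole-domain case the question asks about.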