Dim objConnection, objCommand, objRootDSE
Dim strDNSDomain, strFilter, strQuery, objRecordSet, strDN
Dim strOUpath,objNewOU,objUser
Dim intFlag
Const ADS_UF_ACCOUNTDISABLE = &H02
' Use ADO to search the domain for all users.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
'strDNSDomain = "DC=MWZ-FM,DC=COM"
strFilter = "(&(objectCategory=person)(objectClass=user))"
' Each string must have a trailing comma
arrOUs = Array( _
"OU=11-USERS,", _
"OU=12-EXCHANGE USER MIGRIERT," _
)
For Each strOU In arrOUs
strQuery = "<LDAP://" & strOU & strOU & strDNSDomain & ">;" & strFilter & ";distinguishedName,userAccountControl;subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Enumerate all users. Check if account disabled.
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName")
intFlag = objRecordSet.Fields("userAccountControl")
If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
Set objUser = GetObject("LDAP://" & strDN)
Set objNewOU = GetObject("LDAP://OU=03-DISABLED-USERS,OU=93-DISABLED-OBJECTS," & strDNSDomain)
objNewOU.MoveHere objUser.ADsPath, vbNullString
End If
objRecordSet.MoveNext
Loop
Next
' Clean up
objConnection.Close
Wscript.Echo "Done"
Wscript.quit
|