Script to Disable User Accounts

accountsToDisable.txt

orange
apple
pear
termed user
REM disableAccounts.bat

REM read accountsToDisable.txt and convert names into proper DN entries. Save result into accounts2.txt
for /f "delims=" %A in (accounts.txt) do dsquery user -name "%%A" -s DC01 > accounts2.txt

Rem reads accounts2.txt and disable each account with a description "Disabled by Script"
for /f "delims=" %B in (accounts2.txt) do dsmod -user %%B -disabled yes -desc "Disabled by Script" -s DC01
Powershell method:

# Search for disabled accounts and move them into the Disabled Accounts container
Search -ADAccount -AccountDisabled -UsersOnly -SearchBase "OU=OUName, DC=KIMCONNECT, DC=com" | Move -ADObject -TargetPath "OU=Disabled Accounts, DC=kimconnect,DC=com"
' List Disabled Account.VBS


On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
"<LDAP://dc=westernmutual,dc=local>;(&(objectCategory=User)" & _
"(userAccountControl:1.2.840.113556.1.4.803:=2));Name;Subtree"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop

Leave a Reply

Your email address will not be published. Required fields are marked *