On 11/15/2010 12:26 PM, Brian Desmond wrote: > You have to pass userAccountControl over because uacSet:2 is actually doing > an OR - (userAccountrControl OR 2) => userAccountControl. I imagine you > should be able to do the move in the same operation.
Actually, it didn't seem to work (perhaps I should say it didn't do what I needed it to do). This, however, did work the way I was hoping: Z:\>adfind -default -f "&(objectcategory=computer)(name=2012-ACD)" useraccountcontrol -adcsv | admod -sc ad-disable -move ou=DISABLED,DC=etc Instead of "uacSet:2", I used the shortcut "-sc ad-disable". The latter made the account disabled, and the former didn't - "useraccountcontrol" stayed at 4096/0x1000 - 'WORKSTATION_TRUST_ACCOUNT'. I guess I was using it wrong. The "-sc ad-disable" did change the useraccountcontrol to 4098 (i.e., it added in the "2" for ACCOUNTDISABLE). > Does your CSV have a list of DNs? No, just the names. > I believe you would actually want to use the CSV input mode in admod and pipe > in that CSV file rather than using adfind. There's an example in the help. I did see that, but got confused. :-) So I fell back on what I knew should work. So now, after lunch, a quick script to open the CSV, read each name, pass it to ADFIND, and I should be good. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin