Try this for starters. You can add code as necessary to output only the
accounts you want.  
The first piece of code shows you how to disable an account. The second
script shows you a way to enumerate accounts and get the password age.


#########################################################
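# Check that the account named in $_ exists on $PDC and fetch its current
# attributes into %Attribs before deciding whether to disable it.
# Every outcome is written to LOG as "<account>\t<status>" so the log is a
# complete record of what was attempted against each account.
if (Win32::NetAdmin::UsersExist($PDC, $_))
{
        if (Win32::AdminMisc::UserGetMiscAttributes($PDC, "$_", \%Attribs))
        {
                ToggleDisableAccount();
        }
        else
        {
                # Read the Win32 error before any further I/O can overwrite it.
                my $why = Win32::FormatMessage(Win32::GetLastError());

                # A failed attribute lookup means the account was NOT examined;
                # record it in the log as well as on the console so it is not
                # mistaken for an account that was processed.
                print LOG "$_\tGet Attribs Failed\n";
                print "Get Attribs Failed.  $_\n";
                print $why;
        }
}
else
{
        print LOG "$_\tNo_Account found\n";
        print "$_\tNo_Account found\n";
}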

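sub ToggleDisableAccount
{
        # Disable the account named in $_ on $PDC unless it is already disabled.
        #
        # Takes no arguments; it works on the caller's globals: %Attribs (as
        # filled in by UserGetMiscAttributes), $Action, $Timestamp, $i and the
        # already-open LOG handle. Despite the name, only $Action eq "Disable"
        # is acted on; any other action falls through without output.

        # See if the account is already disabled.
        if ($Attribs{USER_FLAGS} & UF_ACCOUNTDISABLE)
        {
                print LOG "$_\tAlready Disabled\n";
                print "$_\tAlready Disabled\n";
                return;
        }

        return unless $Action eq "Disable";

        # Set the disable bit while leaving every other flag as it was.
        # $Flags and $Comment stay package variables, as in the original.
        $Flags = $Attribs{USER_FLAGS} | UF_ACCOUNTDISABLE;

        # Append who/when to the existing comment so the reason for the change
        # is visible on the account itself. The text is kept on one line; a line
        # break inside the string would be stored in the comment field.
        my $old_comment = defined $Attribs{USER_COMMENT} ? $Attribs{USER_COMMENT} : "";
        $Comment = $old_comment . " percall: CSA Disabled: $Timestamp EST";

        if (Win32::AdminMisc::UserSetMiscAttributes($PDC, "$_",
                        USER_FLAGS=>$Flags, USER_COMMENT=>$Comment))
        {
                print LOG "$_\tDisabled\n";
                print "$i: $_ - Disabled\n";
        }
        else
        {
                # Capture the Win32 error first: the print to LOG below is itself
                # a system call and may replace the last-error value.
                my $why = Win32::FormatMessage(Win32::GetLastError());

                print LOG "$_\tDisable Failed\n";
                print "$_ - Disable Failed: $why";
        }
}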
#########################################################




 This script uses ADSI and the AdminMisc module.

syntax: "perl ScriptName DomainName"

# Author: Howard A. Bullock
# Created: 10-Jan-2000
# Last  Modified: 24-Apr-2000

use Win32::OLE;
use Win32::OLE::Enum;
use Win32::ODBC;
use Win32::AdminMisc;
use strict;

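my $target = $ARGV[0];

#-------------------------------------------------------------------------
# The domain name is taken straight from the command line and is then placed
# in an ADSI path ("WinNT://$target,Domain") and in a log file name
# ("adsi-$target.log"). Refuse a missing name, and refuse characters that
# would change the meaning of either string (path separators, the comma
# that separates path and class, Windows-reserved file name characters).
#-------------------------------------------------------------------------
if (!defined $target || $target eq '') {
        die "syntax: perl $0 DomainName\n";
}
if ($target =~ m{[\\/:*?"<>|,\s[:cntrl:]]}) {
        die "Invalid character in domain name\n";
}

#-------------------------------------------------------------------------
# Enumerate the objects of the domain passed to the program.
#-------------------------------------------------------------------------
EnumObject("WinNT://$target", "Domain");

#-------------------------------------------------------------------------
# Close and exit.
#-------------------------------------------------------------------------
Log($target, "$target process terminating normally");
exit;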


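sub EnumObject
{
        # Enumerate the user accounts under an ADSI container and append one
        # tab-separated line per account to c:\data\scripts\PWordAge.txt.
        #
        #   $ADsPath  - ADSI path of the container, e.g. "WinNT://DOMAIN"
        #   $ADsClass - ADSI class of the container, e.g. "Domain"
        #
        # Columns written: Account, PasswordAge, PasswordExpired, LockedOut,
        # PasswordCanNotExpire, UserCanNotChangePassword, AccountDisabled.
        # The last four hold the masked flag bit: non-zero when set, 0 when not.
        # Dies if the container cannot be bound or the report cannot be written.
        my $ADsPath = shift;
        my $ADsClass = shift;

        #-----------------------------------------------------------------
        # Create new OLE ADSI object. GetObject returns undef on failure;
        # stop here rather than enumerate nothing and report success.
        #-----------------------------------------------------------------
        my $obj = Win32::OLE->GetObject("$ADsPath,$ADsClass")
                or die "Cannot bind to $ADsPath,$ADsClass: "
                     . Win32::OLE->LastError() . "\n";
        $obj->{Filter} = ["User"];

        #-----------------------------------------------------------------
        # Create OLE enumeration object using the OLE ADSI object.
        #-----------------------------------------------------------------
        my $enumobj = Win32::OLE::Enum->new($obj)
                or die "Cannot enumerate $ADsPath,$ADsClass: "
                     . Win32::OLE->LastError() . "\n";

        print "Enumerating $ADsPath,$ADsClass\n";

        #-----------------------------------------------------------------
        # Open the report once, in append mode, with the mode given
        # separately from the file name. The file lists every account with
        # its lockout/disabled state, so keep the directory restricted to
        # administrators.
        #-----------------------------------------------------------------
        my $report = "c:\\data\\scripts\\PWordAge.txt";
        open(my $out, '>>', $report)
                or die "Could not open $report: $!\n";

        #-----------------------------------------------------------------
        # Loop through all enumerated objects.
        #-----------------------------------------------------------------
        foreach my $i ($enumobj->All) {

                # Skip anything that is not a user object.
                next unless uc($i->{Class}) eq uc("User");

                # Gather the account properties.
                # NOTE(review): the WinNT provider is understood to report
                # PasswordAge in seconds - confirm before comparing to days.
                my $Account = $i->{Name};
                my $PasswordAge = $i->{PasswordAge};
                my $PasswordExpired = $i->{PasswordExpired};
                my $UserFlags = $i->{UserFlags};

                #--------------------------------------------------------------
                # Bitwise operations must be performed on $UserFlags to
                # determine if individual account properties are set. The
                # AdminMisc module provides a set of constants that can be
                # used. See the module documentation at http://www.roth.net
                # for details.
                #--------------------------------------------------------------
                my $LockedOut = $UserFlags & UF_LOCKOUT;
                my $PasswordCanNotExpire = $UserFlags & UF_DONT_EXPIRE_PASSWD;
                my $UserCanNotChangePassword = $UserFlags & UF_PASSWD_CANT_CHANGE;
                my $AccountDisabled = $UserFlags & UF_ACCOUNTDISABLE;

                # One line per account in the report, account name on screen.
                print {$out}
                    "$Account\t$PasswordAge\t$PasswordExpired\t$LockedOut\t" .
                    "$PasswordCanNotExpire\t$UserCanNotChangePassword\t" .
                    "$AccountDisabled\n"
                        or die "Could not write to $report: $!\n";
                print "$Account\n";

        }

        # Buffered write errors only surface when the handle is closed.
        close($out)
                or die "Could not close $report: $!\n";
}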

sub FixArray {
  # Normalise a value to an array reference:
  #   - any reference is handed back unchanged,
  #   - a true non-reference value is wrapped in a one-element array,
  #   - a false value (undef, 0, '') becomes an empty array.
  my $value = shift;

  return $value if ref $value;
  return []     unless $value;
  return [$value];
}
        
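sub Log{
        # Append a timestamped line to c:\data\scripts\adsi-<name>.log.
        #
        #   first argument  - name used to build the log file name
        #   second argument - text of the log entry
        #
        # Dies if the name would change the log location or if the file
        # cannot be opened, written or closed.
        my $logfile = shift;
        my $text = shift;

        # The name comes from the command line. Path separators or a drive
        # colon in it would move the file out of the scripts directory.
        if (defined $logfile && $logfile =~ m{[\\/:]}) {
                die "Invalid log name\n";
        }

        $logfile = "c:\\data\\scripts\\adsi-$logfile.log";
        my $time = localtime;

        # Three-argument open keeps the append mode separate from the file
        # name, so nothing in the name can be read as a mode or a command.
        open(my $log, '>>', $logfile) || die "Could not open $logfile! $!";
        print {$log} "$time - $text\n"
                or die "Could not write to $logfile! $!";
        close($log)
                or die "Could not close $logfile! $!";
}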
#-----------------------------------------------------------------------------

-----Original Message-----
From: Steven Manross [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 10:58 AM
To: '[EMAIL PROTECTED]';
[EMAIL PROTECTED]
Subject: RE: WIN32::NetAdmin - Disabling an account through PERL


Look at the password age of an account.  I don't have the code handy, but
providing you require users to change their passwords at regular intervals
(say...  45 days), it should do the trick.

Steven
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
