subject:"RE\: \[ActiveDir\] disable 200 users"

Re: [ActiveDir] disable 200 users

2006-12-27 Thread Douglas W Stelley

might take a bit of tweaking, but a simple solution might be this vbs 
code...

Set WshShell = CreateObject("WScript.Shell")
Set rootDSE = GetObject("LDAP://RootDSE")
domainContainer =  rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
Const ADS_UF_ACCOUNTDISABLE = 2
' location of userlist
TheFilePath="c:\file.txt"
set objFS=CreateObject("Scripting.FileSystemObject")
set FileObj = objFS.OpenTextFile(ThefilePath,1,false)
Do Until FileObj.AtEndOfStream
struser = FileObj.Readline
LDAPStr = "; _
(&(objectClass=User)(objectCategory=Person)(anr=" & struser & "))" 
& _
";distinguishedName;subtree"
'msgbox LDAPStr
set rs = conn.Execute(LDAPStr)
If rs.RecordCount > 0 Then
rs.MoveFirst
do until rs.EOF
Set objUser = GetObject ("LDAP://" & 
rs.fields("distinguishedName"))
intUAC = objUser.Get("userAccountControl")
'disable the account
objUser.Put "userAccountControl", intUAC OR 
ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
' change the OU info here to move the account
Set objOU = 
GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
"LDAP://" & rs.fields("distinguishedName"), 
vbNullString
rs.movenext
loop
end if
loop
FileObj.close
conn.close
msgbox "done"


Doug





"Ramon Linan" <[EMAIL PROTECTED]> 
Sent by: <[EMAIL PROTECTED]>
08/25/2006 02:16 PM
Please respond to



To

cc

Subject
[ActiveDir] disable 200 users






Hi,
 
I have been given a list of 200 users to disable, and move to another OU.
The users are not currently in the same OU but in many different OU.
 
I am trying to use the txt file that contains the list of users to be 
disable.
 
How can I do this?
 
 
I was trying to use the query tool that comes with AD users and computer 
to select the users but got nowhere with
 
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user2)))
etc
 
 
Thanks
Rezuma

RE: [ActiveDir] disable 200 users

2006-08-25 Thread Bruyere, Michel









You may want to take a look at ADmodify.net





http://www.gotdotnet.com/workspaces/workspace.aspx?id=f5cbbfa9-e46b-4a7a-8ed8-3e44523f32e2

 

Nice tools for batch AD modifs.

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Friday, August 25, 2006 2:16
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] disable 200
users



 

Hi,

 

I have been given a list of 200 users to
disable, and move to another OU.

The users are not currently in the same OU
but in many different OU.

 

I am trying to use the txt file that
contains the list of users to be disable.

 

How can I do this?

 

 

I was trying to use the query tool that
comes with AD users and computer to select the users but got nowhere with

 

(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user1)))

(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user2)))

etc

 

 

Thanks

Rezuma

Re: [ActiveDir] disable 200 users

2006-08-25 Thread Matheesha Weerasinghe

To add to Deji's, you would then use the same list to get a FOR /F %i IN (mylistofnames.txt) DO dsquery user forestroot -scope subtree -name %i -o dn|dsmove -newparent OU=NEWDEST,DC=FQDN

where OU=NEWDEST,DC=FQDN is the FQDN of the new OU you want to move to.please note your list of names must be unique. Test before doing this by ensuring the command below


FOR /F %i IN (mylistofnames.txt) DO dsquery user forestroot -scope subtree -name %i -o dn >> textfilename.txtgives you a list of DNs you really want to disable/move. Please check syntax and test before doing for real on production servers!

RegardsM@On 8/25/06, 
Akomolafe, Deji <[EMAIL PROTECTED]> wrote:








You have a list to use as input file. Read from that list and get the DN of each user. Then pass the DN to the script listed in this sample: 



http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true
 
Or
 
In a batch file, do a For loop and read in the input file, then use dsquery to get the DN and pass that to dsmod to disable the accounts
 
Something like:
FOR /F %%i IN (mylistofnames.txt) DO dsquery user forestroot -scope subtree -o dn|dsmod user -disabled Yes


Sincerely,    _      (, /  |  /)   /) /)       /---| (/_  __   ___// _   //  _ 
 ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /)     (/   Microsoft MVP - Directory Services



www.akomolafe.com - we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon



From: Ramon LinanSent: Fri 8/25/2006 11:16 AMTo: 



ActiveDir@mail.activedir.orgSubject: [ActiveDir] disable 200 users


Hi,
 
I have been given a list of 200 users to disable, and move to another OU.
The users are not currently in the same OU but in many different OU.
 
I am trying to use the txt file that contains the list of users to be disable.
 
How can I do this?
 
 
I was trying to use the query tool that comes with AD users and computer to select the users but got nowhere with

 
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:
1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:
1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user2)))
etc
 
 
Thanks
Rezuma

RE: [ActiveDir] disable 200 users

2006-08-25 Thread Akomolafe, Deji




You have a list to use as input file. Read from that list and get the DN of each user. Then pass the DN to the script listed in this sample: http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true
 
Or
 
In a batch file, do a For loop and read in the input file, then use dsquery to get the DN and pass that to dsmod to disable the accounts
 
Something like:
FOR /F %%i IN (mylistofnames.txt) DO dsquery user forestroot -scope subtree -o dn|dsmod user -disabled Yes


Sincerely,    _      (, /  |  /)   /) /)       /---| (/_  __   ___// _   //  _  ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /)     (/   Microsoft MVP - Directory Serviceswww.akomolafe.com - we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon


From: Ramon LinanSent: Fri 8/25/2006 11:16 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] disable 200 users


Hi,
 
I have been given a list of 200 users to disable, and move to another OU.
The users are not currently in the same OU but in many different OU.
 
I am trying to use the txt file that contains the list of users to be disable.
 
How can I do this?
 
 
I was trying to use the query tool that comes with AD users and computer to select the users but got nowhere with
 
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user2)))
etc
 
 
Thanks
Rezuma

Re: [ActiveDir] disable 200 users

2006-08-25 Thread Douglas W Stelley


What if you modify (cn=user1)
with (anr=user1)

Douglas Stelley
IT Engineer
Seneca Nation Health Department
(716)532-5582 x5404
[EMAIL PROTECTED]





"Ramon Linan"
<[EMAIL PROTECTED]> 
Sent by: <[EMAIL PROTECTED]>
08/25/2006 02:16 PM



Please respond to






To



cc



Subject
[ActiveDir] disable 200 users








Hi,
 
I have been given a list of
200 users to disable, and move to another OU.
The users are not currently
in the same OU but in many different OU.
 
I am trying to use the txt
file that contains the list of users to be disable.
 
How can I do this?
 
 
I was trying to use the query
tool that comes with AD users and computer to select the users but got
nowhere with
 
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14(objectCategory=user)(cn=user2)))
etc
 
 
Thanks
Rezuma

Re: [ActiveDir] disable 200 users

RE: [ActiveDir] disable 200 users

Re: [ActiveDir] disable 200 users

RE: [ActiveDir] disable 200 users

Re: [ActiveDir] disable 200 users

5 matches

Site Navigation

Mail list logo

Footer information