Check for disabled computer accounts in AD

Check for disabled computer accounts in AD (Full Version)

All Forums >> [Scripting Technologies] >> VB Script

Message

kwijibo -> Check for disabled computer accounts in AD (6/19/2008 12:46:14 AM)
Hi, I've used this forum many times and find it a very useful resource, this is my first time posting though. I have looked extensively for a solution for this but cannot find an answer. How can you check whether a computer account is disabled in AD or not using VBScript? I can find many solutions for doing this with user accounts but not for computer accounts? Thanks in advance for any help.

jsandys -> RE: Check for disabled computer accounts in AD (6/19/2008 12:51:58 PM)
No script needed. dsquery computer -disabled lists all computers that are disabled. *dsquery computer -name computername* -disabled** lists computers that match the computername parameter if they are disabled. dsquery user -disabled works for users.

kwijibo -> RE: Check for disabled computer accounts in AD (6/19/2008 6:15:39 PM)
Thanks for the reply, I'm trying to do a check within a VBScript to see if a computer account is disabled before I do something else. Is there a way using VBScript I can perform the check?

jsandys -> RE: Check for disabled computer accounts in AD (6/19/2008 10:44:24 PM)
OK. Here's a sample script from the Technet script repository: http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true. This script gets info about a computer object, an IADsComputer object in ADSI term.s If you look up IADsComputer in MSDN, there is unfortunately no reference to any property or method talking about the acocunt being disabled. Fear not though. If you look up the AD schema in MSDN (http://msdn.microsoft.com/en-us/library/ms680987(VS.85).aspx), you will see that the Computer is a subclass of the User class, thus everything that applies to a User object (IADsUser ADSI interface) also applies to the Computer object (IADsComputer interface). If you do a web search on IADsComputer and AccountDisabled, you'll get the following link which also eludes to this but they are talking .Net code so it doesn;t exactly translate: http://www.ondotnet.com/pub/a/dotnet/2003/08/04/activedir.html Thus we have the following: Set objComputer = GetObject _ ("LDAP://CN=atl-dc-01,CN=Computers,DC=fabrikam,DC=com") objProperty = objComputer.Get("AccountDisabled") Wscript.Echo "Account is Disabled: " & objProperty

kwijibo -> RE: Check for disabled computer accounts in AD (6/20/2008 1:07:48 AM)
Thanks very much that works great! For anyone else here is what I knocked up: 'Checks if a computer account is disabled Function isAccountDisabled(distName) Set objComputer = GetObject(distName) IF objComputer.AccountDisabled = True Then result = True Else result = False End If isAccountDisabled = result End Function

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.84375