I have been asked to set up some accounts with additional privileges for our computing students which is fine as the ICT Curriculum Area have agreed that these accounts will be disabled, and enabled as required by themselves.
I'm going to put all of the accounts within one OU and delegate control but do not want to install the AD toolkit on any machines.
Can I set up a batch file somewhere in a shared drive to enable \ disable the accounts? and does anyone know what I need to put in the batch file.
I have Googled but not had much joy to date.
The below might work for you.
You will need to change lines 17 and 25 to your AD config. Save the file as enable accounts then change line 28 to sayand save it as disable account.objUser.AccountDisabled = True
Hope this is what you are looking for.
'On Error Resume Next
' Set veriables
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
'set query limit to 1000 records
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
'Get all users from Systems Services test OU
objCommand.CommandText = _
"SELECT Name FROM 'LDAP://PLUTO/ou=test,ou=Systems Services,dc=hummersknott,dc=local' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
'Loop through all users
Do Until objRecordSet.EOF
'set ldap query with name from above query
Set objUser = GetObject("LDAP://PLUTO/cn="& objRecordSet.Fields("Name").Value &",ou=test,ou=Systems Services,dc=hummersknott,dc=local")
objUser.AccountDisabled = False
'Write changes to active directory account
'move onto next account
eddyc (16th December 2013)
There are currently 1 users browsing this thread. (0 members and 1 guests)