Which account is locked or disabled today?

Filed Under (Windows Networking) by Just An Admin on 03-12-2008

In an earlier post a script was published which automatically sends users a warning message/mail when their password is about to expire.

A simpler approach is to scan the AD for disabled and locked accounts manually or at a set interval, say each morning.

Paste the code below into a VBS script file (e.g. accountlookup.vbs) and change the value of strComputer to your Active Directory server name. By creating a scheduled task to run this script at a set interval you only need to check the logs each morning to see what is coming…


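' Lists disabled and locked-out accounts and writes them to a log file.
Const ForWriting = 2

strComputer = "servername"   ' change to your Active Directory server name
strLog = "log.txt"

' Errors are suppressed, so an empty log can also mean the query failed.
On Error Resume Next

' Open (or create) the log; ForWriting overwrites the previous run.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.OpenTextFile(strLog, ForWriting, True)

' Connect to WMI on the target server and query its user accounts.
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_UserAccount WHERE LocalAccount = 'True'")

' Write one "name,status" line per disabled or locked-out account.
For Each objUser In colItems
    If objUser.Disabled Then
        objLog.WriteLine objUser.Name & ",disabled"
    ElseIf objUser.Lockout Then
        objLog.WriteLine objUser.Name & ",locked out"
    End If
Next

objLog.Close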
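
The script overwrites log.txt on every run (ForWriting), so the morning check shows the current state but not what changed since the previous day. The following added example, which is not part of the original post, compares two runs of the "name,status" log in PowerShell; the function names, sample account names and file names are assumptions made for illustration.

```powershell
# Added example: compare two runs of the "name,status" log written by the script above.
# Function names, account names and file names are hypothetical.

function ConvertFrom-AccountLog {
    param([string[]]$Lines)
    $state = @{}   # hashtable literal: keys compare case-insensitively, like account names
    foreach ($line in $Lines) {
        $i = $line.LastIndexOf(',')        # the status follows the last comma
        if ($i -lt 1) { continue }         # skip blank or malformed lines
        $state[$line.Substring(0, $i).Trim()] = $line.Substring($i + 1).Trim()
    }
    $state
}

function Compare-AccountLog {
    param([hashtable]$Previous, [hashtable]$Current)
    foreach ($name in $Current.Keys) {
        if (-not $Previous.ContainsKey($name)) {
            # Account was not listed before: newly disabled or locked out.
            [pscustomobject]@{ Account = $name; Change = 'new'; Was = ''; Now = $Current[$name] }
        } elseif ($Previous[$name] -ne $Current[$name]) {
            # Still listed, but the status differs (e.g. locked out, then disabled).
            [pscustomobject]@{ Account = $name; Change = 'changed'; Was = $Previous[$name]; Now = $Current[$name] }
        }
    }
    foreach ($name in $Previous.Keys) {
        if (-not $Current.ContainsKey($name)) {
            # No longer listed: re-enabled, unlocked or deleted since the last run.
            [pscustomobject]@{ Account = $name; Change = 'cleared'; Was = $Previous[$name]; Now = '' }
        }
    }
}

# Constructed sample data standing in for yesterday's and today's log.txt.
$yesterday = @('Guest,disabled', 'jsmith,locked out', 'svc_backup,disabled')
$today     = @('Guest,disabled', 'jsmith,disabled', 'mbrown,locked out')

Compare-AccountLog (ConvertFrom-AccountLog $yesterday) (ConvertFrom-AccountLog $today) |
    Sort-Object Account | Format-Table -AutoSize

# With real files (hypothetical names), keep a copy of log.txt before each run, then:
#   Compare-AccountLog (ConvertFrom-AccountLog (Get-Content log-previous.txt)) `
#                      (ConvertFrom-AccountLog (Get-Content log.txt))
```

For the sample data this reports jsmith as changed, mbrown as new and svc_backup as cleared; Guest is unchanged and is not listed.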


