Which account is locked or disabled today? » Blog Archive » JADOTA – Just Another Day Of The Admin!

Which account is locked or disabled today?

Filed Under (Windows Networking) by Just An Admin on 03-12-2008

In an earlier post a script was published which automatically sends users a warning message/mail when their password is about to expire.

A more simple approach would be to scan the AD for disabled and locked accounts manually or at a set interval, say each morning.

Paste the code below in a VBS script file (ie. accountlookup.vbs) and change the value of strComputer to your Active Directory server name. By creating a scheduled task to run this script at a set interval you only need to check the logs each morning to see what is coming…

Click here to view the code!


Const ForWriting = 2
strComputer = "servername"

strLog = "log.txt"
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objLog = objFSO.OpenTextFile(strLog, ForWriting, True)
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_UserAccount WHERE LocalAccount = 'True'")
For Each objUser In colItems

If objUser.Disabled Then

objLog.WriteLine objUser.Name & ",disabled"

ElseIf objUser.Lockout Then

objLog.WriteLine objUser.Name & ",locked out"

End If

Next

objLog.Close

0 Comments Print This Post 133 views

Tagged Under : account, Active Directory, locked, script

Post a comment