| Author | Messages | |
RamonLinan
Posts:0
 | | 08/25/2006 6:16 AM |
| Hi,
I have been given a list of 200 users to
disable, and move to another OU.
The users are not currently in the same OU
but in many different OU.
I am trying to use the txt file that
contains the list of users to be disable.
How can I do this?
I was trying to use the query tool that
comes with AD users and computer to select the users but got nowhere with
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user2)))
etc
Thanks
Rezuma | | | |
| DouglasStelley
Posts:2
| | 08/25/2006 6:45 AM |
| What if you modify (cn=user1)
with (anr=user1)
Douglas Stelley
IT Engineer
Seneca Nation Health Department
(716)532-5582 x5404
Douglas.Stelley@xxxxxxxxxxxxxxxx
"Ramon Linan"
Sent by:
08/25/2006 02:16 PM
Please respond to
To
cc
Subject
[ActiveDir] disable 200 users
Hi,
I have been given a list of
200 users to disable, and move to another OU.
The users are not currently
in the same OU but in many different OU.
I am trying to use the txt
file that contains the list of users to be disable.
How can I do this?
I was trying to use the query
tool that comes with AD users and computer to select the users but got
nowhere with
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user2)))
etc
Thanks
Rezuma | | | |
| deji
Posts:150
| | 08/25/2006 6:49 AM |
| You have a list to use as input file. Read from that list and get the DN of each user. Then pass the DN to the script listed in this sample: http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true
Or
In a batch file, do a For loop and read in the input file, then use dsquery to get the DN and pass that to dsmod to disable the accounts
Something like:
FOR /F %%i IN (mylistofnames.txt) DO dsquery user forestroot -scope subtree -o dn|dsmod user -disabled Yes
Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com - we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: Ramon LinanSent: Fri 8/25/2006 11:16 AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] disable 200 users
Hi,
I have been given a list of 200 users to disable, and move to another OU.
The users are not currently in the same OU but in many different OU.
I am trying to use the txt file that contains the list of users to be disable.
How can I do this?
I was trying to use the query tool that comes with AD users and computer to select the users but got nowhere with
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user2)))
etc
Thanks
Rezuma | | | |
| matheesha
Posts:15
| | 08/25/2006 7:31 AM |
| where OU=NEWDEST,DC=FQDN is the FQDN of the new OU you want to move to.please note your list of names must be unique. Test before doing this by ensuring the command below
FOR /F %i IN (mylistofnames.txt) DO dsquery user forestroot -scope subtree -name %i -o dn >> textfilename.txtgives you a list of DNs you really want to disable/move. Please check syntax and test before doing for real on production servers!
RegardsM@On 8/25/06,
Akomolafe, Deji wrote:
You have a list to use as input file. Read from that list and get the DN of each user. Then pass the DN to the script listed in this sample:
http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true
Or
In a batch file, do a For loop and read in the input file, then use dsquery to get the DN and pass that to dsmod to disable the accounts
Something like:
FOR /F %%i IN (mylistofnames.txt) DO dsquery user forestroot -scope subtree -o dn|dsmod user -disabled Yes
Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Services
www.akomolafe.com - we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: Ramon LinanSent: Fri 8/25/2006 11:16 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] disable 200 users
Hi,
I have been given a list of 200 users to disable, and move to another OU.
The users are not currently in the same OU but in many different OU.
I am trying to use the txt file that contains the list of users to be disable.
How can I do this?
I was trying to use the query tool that comes with AD users and computer to select the users but got nowhere with
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:
1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:
1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user2)))
etc
Thanks
Rezuma | | | |
| AD00000843
Posts:0
| | 08/25/2006 8:31 AM |
| You may want to take a look at ADmodify.net
http://www.gotdotnet.com/workspaces/workspace.aspx?id=f5cbbfa9-e46b-4a7a-8ed8-3e44523f32e2
Nice tools for batch AD modifs.
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon Linan
Sent: Friday, August 25, 2006 2:16
PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] disable 200
users
Hi,
I have been given a list of 200 users to
disable, and move to another OU.
The users are not currently in the same OU
but in many different OU.
I am trying to use the txt file that
contains the list of users to be disable.
How can I do this?
I was trying to use the query tool that
comes with AD users and computer to select the users but got nowhere with
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user2)))
etc
Thanks
Rezuma | | | |
| DouglasStelley
Posts:2
| | 12/27/2006 3:26 AM |
| might take a bit of tweaking, but a
simple solution might be this vbs code...
Set WshShell = CreateObject("WScript.Shell")
Set rootDSE = GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
Const ADS_UF_ACCOUNTDISABLE = 2
' location of userlist
TheFilePath="c:\file.txt"
set objFS=CreateObject("Scripting.FileSystemObject")
set FileObj = objFS.OpenTextFile(ThefilePath,1,false)
Do Until FileObj.AtEndOfStream
struser
= FileObj.Readline
LDAPStr
= ";
_
(&(objectClass=User)(objectCategory=Person)(anr="
& struser & "))" & _
";distinguishedName;subtree"
'msgbox
LDAPStr
set
rs = conn.Execute(LDAPStr)
If
rs.RecordCount > 0 Then
rs.MoveFirst
do
until rs.EOF
Set objUser = GetObject ("LDAP://"
& rs.fields("distinguishedName"))
intUAC = objUser.Get("userAccountControl")
'disable the account
objUser.Put "userAccountControl",
intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
' change the OU info here to move the
account
Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
"LDAP://" & rs.fields("distinguishedName"),
vbNullString
rs.movenext
loop
end
if
loop
FileObj.close
conn.close
msgbox "done"
Doug
"Ramon Linan"
Sent by:
08/25/2006 02:16 PM
Please respond to
To
cc
Subject
[ActiveDir] disable 200 users
Hi,
I have been given a list of
200 users to disable, and move to another OU.
The users are not currently
in the same OU but in many different OU.
I am trying to use the txt
file that contains the list of users to be disable.
How can I do this?
I was trying to use the query
tool that comes with AD users and computer to select the users but got
nowhere with
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user1)))
(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(cn=user2)))
etc
Thanks
Rezuma | | | |
|
|