Description
In this article, I am going to explain and write vbscript code to Disable Active Directory user account using user’s objectguid, samAccountName and distinguishedname and also Disable Bulk AD Users from CSV File using vbscript.
Note: You should run this vbscript code on a machine with windows Active Directory domain.
Summary
- VBScript to Disable AD User Account by DN
- VBScript to Disable AD User by ObjectGUID
- VBScript to Disable AD User by samAccountName
- VBScript to Disable Bulk AD Users from CSV file
VBScript to Disable Active Directory user by DistinguishedName
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserDN with your own user’s DN which you are going to disable.
3. Save the file with a .vbs extension, for example: Disable-AD-User.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' Disable-AD-User.vbs ' Sample VBScript to disable Active Directory user ' Author: https://www.morgantechspace.com/ ' ------------------------------------------------------' Option Explicit Dim strUserDN Dim objUser strUserDN= "CN=TestUser,OU=TestOU1,DC=MyDomain,DC=Com" Set objUser = GetObject("LDAP://"& strUserDN) objUser.AccountDisabled = True objUser.SetInfo MsgBox("AD user disabled successfully using VBScript code.") WScript.Quit
VBScript to Disable Active Directory user using by ObjectGUID
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserGUID with your own user’s ObjectGUID string which you are going to disable.
3. Save the file with a .vbs extension, for example: DisableADUserWithGUID.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' DisableADUserWithGUID.vbs ' Sample VBScript to disable AD user with ObjectGUID ' Author: https://www.morgantechspace.com/ ' ------------------------------------------------------' Option Explicit Dim strUserGUID Dim objUser strUserGUID= "A777394D-0B5C-4FD2-BDDC-B12DDFB570A4" Set objUser = GetObject("LDAP://<guid="& struserguid&">") objUser.AccountDisabled = True objUser.SetInfo MsgBox("AD user disabled successfully using VBScript code.") WScript.Quit
VBScript to Disable AD User Account by samAccountName
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserName with your own user’s samAccountName which you are going to disable.
3. Save the file with a .vbs extension, for example: DisableADUserWithsamAccountName.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' DisableADUserWithsamAccountName.vbs ' Sample VBScript to disable AD user . ' Author: https://www.morgantechspace.com/ ' ------------------------------------------------------' Option Explicit Dim adoCommand, adoConnection Dim varBaseDN, varFilter, varAttributes Dim objRootDSE, varDNSDomain, strQuery, adoRecordset,strUserDN Dim strSamAccountName,objUser ' Setup ADO objects. Set adoCommand = CreateObject("ADODB.Command") Set adoConnection = CreateObject("ADODB.Connection") adoConnection.Provider = "ADsDSOObject" adoConnection.Open "Active Directory Provider" Set adoCommand.ActiveConnection = adoConnection ' Search entire Active Directory domain. Set objRootDSE = GetObject("LDAP://RootDSE") varDNSDomain = objRootDSE.Get("defaultNamingContext") varBaseDN = "<LDAP://" & varDNSDomain & ">" strSamAccountName="Test" ' Filter on user objects. varFilter = "(&(objectCategory=person)(objectClass=user)(samaccountname="& strSamAccountName &"))" ' Comma delimited list of attribute values to retrieve. varAttributes = "samaccountname,distinguishedname" ' Construct the LDAP syntax query. strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree" adoCommand.CommandText = strQuery adoCommand.Properties("Page Size") = 1000 adoCommand.Properties("Timeout") = 20 adoCommand.Properties("Cache Results") = False ' Run the query. Set adoRecordset = adoCommand.Execute ' Enumerate the resulting recordset. Do Until adoRecordset.EOF ' Retrieve values and display. strUserDN = adoRecordset.Fields("distinguishedname").value Set objUser = GetObject("LDAP://"& strUserDN) objUser.AccountDisabled = True objUser.SetInfo ' Move to the next record in the recordset. adoRecordset.MoveNext Loop If strUserDN = "" then Msgbox "No user found with the name '"& strSamAccountName &"'" Else Msgbox "The user '"& strSamAccountName &"' disabled successfully..." end if ' close ado connections. adoRecordset.Close adoConnection.Close
VBScript to Disable Bulk AD users From CSV File
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Save the file with a .vbs extension, for example: DisableBulkADUsersFromCSV.vbs
3. Change the CSV file path C:UsersAdministratorDesktopAll_Users.csv with your own file path.
4. Double-click the VBScript file (or Run this file from command window) to disable Bulk AD users from CSV file.
Note: Your CSV file (All_Users.csv) should contains the column objectguid as a first column, otherwise you need to change the index value 0 to other value —> csvUserFields(0)… which depends on your column index of objectguid in CSV file
' DisableBulkADUsersFromCSV.vbs ' Sample VBScript to Disable AD Users from CSV file . ' Author: https://www.morgantechspace.com/ ' ------------------------------------------------------' Option Explicit Dim strUserGUID,objUser ' Variables needed for CSV File Information Dim varFileName,objFSO,objFile,csvUserFields Const ForReading = 1 ' Specify the csv file full path. varFileName = "C:\UsersAdministratorDesktopAll_Users.csv" ' Open the file for reading. Set objFSO = CreateObject("Scripting.FileSystemObject") Set objFile = objFSO.OpenTextFile(varFileName, ForReading) ' Read the first line - csv columns -not needed for our proceess objFile.ReadLine ' Skip the error if the user doesn't exist..... on error resume next ' Read the file and create new user. Do Until objFile.AtEndOfStream ' Splits prioperty values. csvUserFields = Split(objFile.ReadLine,",") ' All_Users.csv file should contains the column objectguid as first column ' Otherwise you need change the index value 0 to other value here...csvUserFields(0)... ' which depends on your column index of objectguid in CSV file. strUserGUID = csvUserFields(0) Set objUser = GetObject("LDAP://<GUID="& strUserGUID &">") objUser.AccountDisabled = True objUser.SetInfo Loop MsgBox("Bulk AD Users Disabled from CSV file using VBScript.") WScript.Quit