Description
In this article, I am going to explain and write vbscript code to Disable Active Directory user account using user’s objectguid, samAccountName and distinguishedname and also Disable Bulk AD Users from CSV File using vbscript.
Note: You should run this vbscript code on a machine with windows Active Directory domain.
Summary
- VBScript to Disable AD User Account by DN
- VBScript to Disable AD User by ObjectGUID
- VBScript to Disable AD User by samAccountName
- VBScript to Disable Bulk AD Users from CSV file
VBScript to Disable Active Directory user by DistinguishedName
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserDN with your own user’s DN which you are going to disable.
3. Save the file with a .vbs extension, for example: Disable-AD-User.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' Disable-AD-User.vbs
' Sample VBScript to disable Active Directory user
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'
Option Explicit
Dim strUserDN
Dim objUser
strUserDN= "CN=TestUser,OU=TestOU1,DC=MyDomain,DC=Com"
Set objUser = GetObject("LDAP://"& strUserDN)
objUser.AccountDisabled = True
objUser.SetInfo
MsgBox("AD user disabled successfully using VBScript code.")
WScript.Quit
VBScript to Disable Active Directory user using by ObjectGUID
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserGUID with your own user’s ObjectGUID string which you are going to disable.
3. Save the file with a .vbs extension, for example: DisableADUserWithGUID.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' DisableADUserWithGUID.vbs
' Sample VBScript to disable AD user with ObjectGUID
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'
Option Explicit
Dim strUserGUID
Dim objUser
strUserGUID= "A777394D-0B5C-4FD2-BDDC-B12DDFB570A4"
Set objUser = GetObject("LDAP://<guid="& struserguid&">")
objUser.AccountDisabled = True
objUser.SetInfo
MsgBox("AD user disabled successfully using VBScript code.")
WScript.Quit
VBScript to Disable AD User Account by samAccountName
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Change the value for strUserName with your own user’s samAccountName which you are going to disable.
3. Save the file with a .vbs extension, for example: DisableADUserWithsamAccountName.vbs
4. Double-click the vb script file (or Run this file from command window) to disable AD user.
' DisableADUserWithsamAccountName.vbs
' Sample VBScript to disable AD user .
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'
Option Explicit
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes
Dim objRootDSE, varDNSDomain, strQuery, adoRecordset,strUserDN
Dim strSamAccountName,objUser
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"
strSamAccountName="Test"
' Filter on user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(samaccountname="& strSamAccountName &"))"
' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"
' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values and display.
strUserDN = adoRecordset.Fields("distinguishedname").value
Set objUser = GetObject("LDAP://"& strUserDN)
objUser.AccountDisabled = True
objUser.SetInfo
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
If strUserDN = "" then
Msgbox "No user found with the name '"& strSamAccountName &"'"
Else Msgbox "The user '"& strSamAccountName &"' disabled successfully..."
end if
' close ado connections.
adoRecordset.Close
adoConnection.Close
VBScript to Disable Bulk AD users From CSV File
1. Copy the below example VBScript code and paste it in notepad or a VBScript editor.
2. Save the file with a .vbs extension, for example: DisableBulkADUsersFromCSV.vbs
3. Change the CSV file path C:UsersAdministratorDesktopAll_Users.csv with your own file path.
4. Double-click the VBScript file (or Run this file from command window) to disable Bulk AD users from CSV file.
Note: Your CSV file (All_Users.csv) should contains the column objectguid as a first column, otherwise you need to change the index value 0 to other value —> csvUserFields(0)… which depends on your column index of objectguid in CSV file
' DisableBulkADUsersFromCSV.vbs
' Sample VBScript to Disable AD Users from CSV file .
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'
Option Explicit
Dim strUserGUID,objUser
' Variables needed for CSV File Information
Dim varFileName,objFSO,objFile,csvUserFields
Const ForReading = 1
' Specify the csv file full path.
varFileName = "C:\UsersAdministratorDesktopAll_Users.csv"
' Open the file for reading.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(varFileName, ForReading)
' Read the first line - csv columns -not needed for our proceess
objFile.ReadLine
' Skip the error if the user doesn't exist.....
on error resume next
' Read the file and create new user.
Do Until objFile.AtEndOfStream
' Splits prioperty values.
csvUserFields = Split(objFile.ReadLine,",")
' All_Users.csv file should contains the column objectguid as first column
' Otherwise you need change the index value 0 to other value here...csvUserFields(0)...
' which depends on your column index of objectguid in CSV file.
strUserGUID = csvUserFields(0)
Set objUser = GetObject("LDAP://<GUID="& strUserGUID &">")
objUser.AccountDisabled = True
objUser.SetInfo
Loop
MsgBox("Bulk AD Users Disabled from CSV file using VBScript.")
WScript.Quit