VB Script to isolate inactive computer accounts in AD - Simple Version


Eric Wu

Hi All,
Following is my script and part of the instructions in a simple version. Hope
this is useful for you. Thank you for your time.

best regards,

Eric wu
Senior Engineer
IT Div. , Alphanetworks Taiwan
E-mail: (e-mail address removed)



'' This script is designed to find inactive computer accounts in a specified
'' AD domain.
'' Once it finds inactive computer accounts, it will move them to a specified
'' OU.
'' The "Inactive" condition is based on the "PwdLastChange" property of the
'' computer object.
'' A domain member computer will change its password every 30 days by
'' default, unless you disable this feature
'' on an individual computer or through group policy. If you have disabled this
'' feature on most computers in your domain,
'' don't use this script to clear inactive computer accounts in your AD
'' domain.
'' Any suggestion or feedback will be greatly appreciated.
'' If it finds the time difference is less than the specified value, it will
'' move the account back to the default Computers container.
'' You must create the OU before you run this script.
'' Writer:
'' Eric wu
'' Senior Engineer
'' IT Div. , Alphanetworks Taiwan
'' E-mail: (e-mail address removed) or (e-mail address removed)



Option Explicit
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Dim objConnection, objCommand, objRecordSet, objNewOU, objComputer, objOriComputer
Dim strDomain
Dim strDestOU
Dim intConfirm
Dim intDuration
strDomain="DC=nwtraders,DC=com,DC=tw" 'Write your domain here
strDestOU="OU=InactiveComputers" 'Write your OU here
'Default is 45 days. If you want to delete inactive computer accounts, please use 60.
'Also, please back up your AD before you delete these accounts manually!
intDuration = 45

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
'Retrieve all computer objects in the specified domain
objCommand.CommandText = "Select Name,DistinguishedName from 'LDAP://" & _
    strDomain & "' where objectClass='computer'"
objCommand.Properties("Page Size") = 1500
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute
'Failed when domain name error.
If Err.Number <> 0 Then Wscript.Quit


Set objNewOU = GetObject("LDAP://" & strDestOU & "," & strDomain)
'Failed when specified OU does not exist.
If Err.Number <> 0 Then Wscript.Quit

'Used when move computer accounts back to default computers container
Set objOriComputer = GetObject("LDAP://CN=Computers," & strDomain)


objRecordSet.MoveFirst
Dim dtmValue, intDateDiff, intSuccessCount, intErrorCount, intNotMoveCount
Dim intMoveBack, objMoveComputer
intSuccessCount = 0
intErrorCount = 0
intNotMoveCount = 0
intMoveBack = 0

Do While Not objRecordSet.EOF
    'Retrieve each computer object and get PasswordLastChanged property.
    Err.Clear
    Set objComputer = GetObject("LDAP://" & _
        objRecordSet.Fields("DistinguishedName").Value)
    dtmValue = CDate(objComputer.PasswordLastChanged)

    If Err.Number <> 0 Then
        'The password age could not be read. Count it as failed and do not
        'decide on a move using the previous computer's value.
        intErrorCount = intErrorCount + 1
    Else
        'Check time difference by day (CLng avoids the overflow of CInt
        'above 32767 days).
        intDateDiff = CLng(Now - dtmValue)

        If intDateDiff > intDuration Then
            'Try to move computer object if not in specified OU.
            If InStr(UCase(objRecordSet.Fields("DistinguishedName").Value), _
                    UCase(strDestOU) & ",") = 0 Then
                Set objMoveComputer = objNewOU.MoveHere( _
                    "LDAP://" & objRecordSet.Fields("DistinguishedName").Value, _
                    "CN=" & objRecordSet.Fields("Name").Value)
                If Err.Number = 0 Then
                    intSuccessCount = intSuccessCount + 1
                Else
                    intErrorCount = intErrorCount + 1
                End If
            Else
                intNotMoveCount = intNotMoveCount + 1
            End If
        Else
            'Try to move computer account back to the default Computers
            'container if time difference is less than specified value.
            If InStr(UCase(objRecordSet.Fields("DistinguishedName").Value), _
                    UCase(strDestOU) & ",") <> 0 Then
                Set objMoveComputer = objOriComputer.MoveHere( _
                    "LDAP://" & objRecordSet.Fields("DistinguishedName").Value, _
                    "CN=" & objRecordSet.Fields("Name").Value)
                If Err.Number = 0 Then
                    intMoveBack = intMoveBack + 1
                Else
                    intErrorCount = intErrorCount + 1
                End If
            End If
        End If
    End If

    objRecordSet.MoveNext
    Err.Clear
Loop

Wscript.Echo "Move Result:" & Chr(13) & _
    intSuccessCount & " computer(s) moved successfully, " & intErrorCount & _
    " Failed." & Chr(13) & _
    intNotMoveCount & " is already in specified OU, " & intMoveBack & _
    " moved back to default computers container."
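
The isolate / move-back decision the script makes, written as a dry run that only reports what would happen. This is an added example, not part of Eric Wu's post: it assumes the computer records were exported as (distinguishedName, pwdLastSet) pairs, with pwdLastSet being the raw FILETIME integer behind PasswordLastChanged, and every function and constant name in it is hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Assumption: pwdLastSet is the raw AD value, 100 ns ticks since 1601-01-01 UTC.
# DEST_OU and MAX_AGE_DAYS mirror strDestOU and intDuration in the script above.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DEST_OU = "OU=InactiveComputers"
MAX_AGE_DAYS = 45

def password_age_days(pwd_last_set, now):
    """Whole days since the machine password changed, or None if never set."""
    if not pwd_last_set:              # 0 or missing: no usable timestamp
        return None
    changed = FILETIME_EPOCH + timedelta(microseconds=pwd_last_set // 10)
    return (now - changed).days

def plan_moves(records, now, max_age=MAX_AGE_DAYS, dest_ou=DEST_OU):
    """Return {dn: action} without touching the directory (dry run)."""
    plan = {}
    for dn, pwd_last_set in records:
        # Same membership test as the script: "<OU>," appears in the DN.
        in_dest = (dest_ou.upper() + ",") in dn.upper()
        age = password_age_days(pwd_last_set, now)
        if age is None:
            plan[dn] = "review"       # never guess an age for these accounts
        elif age > max_age:
            plan[dn] = "already-isolated" if in_dest else "isolate"
        else:
            plan[dn] = "move-back" if in_dest else "keep"
    return plan

def to_filetime(dt):
    """Helper used only to build the constructed sample below."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed "now" for the sample
BASE = "DC=nwtraders,DC=com,DC=tw"
SAMPLE = [  # constructed records, not real directory data
    (f"CN=PC01,CN=Computers,{BASE}", to_filetime(NOW - timedelta(days=10))),
    (f"CN=PC02,CN=Computers,{BASE}", to_filetime(NOW - timedelta(days=90))),
    (f"CN=PC03,{DEST_OU},{BASE}", to_filetime(NOW - timedelta(days=3))),
    (f"CN=PC04,{DEST_OU},{BASE}", to_filetime(NOW - timedelta(days=200))),
    (f"CN=PC05,CN=Computers,{BASE}", 0),
]

if __name__ == "__main__":
    for dn, action in plan_moves(SAMPLE, NOW).items():
        print(f"{action:17} {dn}")
```

Reviewing the "isolate" and "review" lines before any move is made is a cheap check that the password-age heuristic fits the domain, for example where automatic machine password changes have been disabled.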
 