
Group:  English: Windows Server » microsoft.public.windows.server.scripting
Thread: find user object in AD


find user object in AD
Stefano 5/31/2007 9:45:00 AM

I'm trying to create a script to find a user object in AD and change its
status to disabled.

The problem is that I found only examples in which the OU in which the user
resides is known. As in
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

This is useless, however, because we cannot know where the user is.
So I found another example (which tests if a user exists in AD)

objCommand.CommandText = _
"<LDAP://dc=matrix,dc=loc>;(&(objectCategory=User)" & _
"(samAccountName=" & strUserName & "));samAccountName;subtree"

Set objRecordSet = objCommand.Execute

My problem is: how can I use the results from the second example to disable
the user?
Is there another (better) way of doing it?

Thanks
Stefano




Re: find user object in AD
"Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> 5/31/2007 1:14:02 PM
Stefano wrote:

> I'm trying to create a script to find a user object in AD and change its
> status to disabled.
>
> The problem is that I found only examples in which the OU in which the user
> resides is known. As in
> Set objUser = GetObject _
> ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
>
> This is useless, however, because we cannot know where the user is.
> So I found another example (which tests if a user exists in AD)
>
> objCommand.CommandText = _
> "<LDAP://dc=matrix,dc=loc>;(&(objectCategory=User)" & _
> "(samAccountName=" & strUserName & "));samAccountName;subtree"
>
> Set objRecordSet = objCommand.Execute
>
> My problem is: how can I use the results from the second example to
> disable
> the user?
> Is there another (better) way of doing it?

If you know the "pre-Windows 2000 logon" name (also called the NT name or
userID) you can use the NameTranslate object to convert to the Distinguished
Name. For example:
===================
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"

' Prompt for user NT name.
strNTName = InputBox("Enter NT Name of user")

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the NT format of the object name.
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strNTName

' Use the Get method to retrieve the RFC 1779 Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)

' Disable the user.
objUser.AccountDisabled = True
objUser.SetInfo
==========

For more on NameTranslate, see this link:

http://www.rlmueller.net/NameTranslateFAQ.htm

To use ADO to search for objects in AD, like users, see this link:

http://www.rlmueller.net/ADOSearchTips.htm


--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
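
Added example, not part of the original posts: one way to use the ADO search from the question to disable the account, by requesting distinguishedName, requiring exactly one match, and escaping the user-supplied name before it goes into the LDAP filter. The variable names and the EscapeFilter helper are assumptions made for this sketch.

```vbscript
Option Explicit
Dim strUserName, strBase, strDN, objConn, objCmd, objRS, objUser

strUserName = Trim(InputBox("Enter sAMAccountName of user"))
' ";" separates the parts of the ADO query string and is not valid in a sAMAccountName.
If strUserName = "" Or InStr(strUserName, ";") > 0 Then WScript.Quit 1

' Read the domain DN from RootDSE rather than hard-coding it.
strBase = GetObject("LDAP://RootDSE").Get("defaultNamingContext")

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
' Request distinguishedName so the result can be used to bind to the object.
objCmd.CommandText = "<LDAP://" & strBase & ">;" & _
    "(&(objectCategory=person)(objectClass=user)" & _
    "(sAMAccountName=" & EscapeFilter(strUserName) & "));" & _
    "distinguishedName;subtree"
Set objRS = objCmd.Execute

If objRS.EOF Then
    WScript.Echo "No user found with that name."
    WScript.Quit 1
End If
strDN = objRS.Fields("distinguishedName").Value
objRS.MoveNext
If Not objRS.EOF Then
    ' More than one match means the filter was broader than intended.
    WScript.Echo "More than one match; nothing changed."
    WScript.Quit 1
End If

' "/" is a path separator in an ADsPath and must be escaped in the DN.
Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
objUser.AccountDisabled = True
objUser.SetInfo

' Escape LDAP filter metacharacters (RFC 4515) so input such as "*" is
' matched literally instead of widening the search.
Function EscapeFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")   ' backslash first
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilter = Replace(s, Chr(0), "\00")
End Function
```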




Re: find user object in AD
"Jeremy" <jeremy[ at ]discussions.microsoft.com> 6/5/2007 11:36:33 AM
Have you thought about using dsquery and dsmod instead?
"Stefano" <Stefano[ at ]discussions.microsoft.com> wrote in message
news:CACCE309-2A83-4CC4-9BD7-BF48D793F864[ at ]microsoft.com...
>
> I'm trying to create a script to find a user object in AD and change its
> status to disabled.
>
> The problem is that I found only examples in which the OU in which the user
> resides is known. As in
> Set objUser = GetObject _
> ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
>
> This is useless, however, because we cannot know where the user is.
> So I found another example (which tests if a user exists in AD)
>
> objCommand.CommandText = _
> "<LDAP://dc=matrix,dc=loc>;(&(objectCategory=User)" & _
> "(samAccountName=" & strUserName & "));samAccountName;subtree"
>
> Set objRecordSet = objCommand.Execute
>
> My problem is: how can I use the results from the second example to
> disable
> the user?
> Is there another (better) way of doing it?
>
> Thanks
> Stefano
>
>
>
>
