Export (0) Print
Expand All

Enabling or Disabling a User Account

Microsoft® Windows® 2000 Scripting Guide

You can use scripts to either enable or disable a user account. This is done by toggling the value of the ADS_UF_ACCOUNTDISABLE flag in the userAccountControl attribute.

The scripts for enabling or disabling a user account are similar.

Scripting Steps

Listing 7.9 contains a script that sets the ADS_UF_ACCOUNTDISABLE flag to 0 to enable a user account. To carry out this task, the script performs the following steps:

  1. Set the ADS_UF_ACCOUNTDISABLE constant equal to the disabled flag in the userAccountControl attribute (used on line 8).

  2. Bind to the user account object by using the GetObject function and the LDAP provider.

  3. Create a variable, and initialize it to the integer value of the userAccountControl attribute.

  4. Use the bitwise AND operator to determine whether the flag is enabled.

  5. If the flag is enabled, use the XOR bitwise operator to disable it in the userAccountControl attribute of the user account object, thereby enabling the user account.

  6. Commit the change to the user account object in the local property cache to Active Directory.

Listing 7.9 Enabling a User Account by Modifying the ADS_UF_ACCOUNTDISABLE Flag

  
1
2
3
4
5
6
7
8
9
10


Const ADS_UF_ACCOUNTDISABLE = 2

Set objUser = GetObject _
 ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")

If intUAC AND ADS_UF_ACCOUNTDISABLE Then
 objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
 objUser.SetInfo
End If

Listing 7.10 contains a script that disables a user account. To carry out this task, the script performs the following steps:

  1. Set the ADS_UF_ACCOUNTDISABLE constant equal to the disabled flag in the userAccountControl attribute (used on line 7).

  2. Bind to the user account object by using the GetObject function and the LDAP provider.

  3. Create a variable, and initialize it to the integer value of the userAccountControl attribute.

  4. Use the bitwise OR operator to enable ADS_UF_ACCOUNTDISABLE in the userAccountControl attribute, thereby disabling the user account.

  5. Commit the change to the user account object in the local property cache to Active Directory.

Listing 7.10 Disabling a User Account by Modifying the ADS_UF_ACCOUNTDISABLE Flag

  
1
2
3
4
5
6
7
8


Const ADS_UF_ACCOUNTDISABLE = 2

Set objUser = GetObject _
 ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")

objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft