6.12. Enabling and Disabling a User
Problem
You want to enable or disable a user.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Type the name of the user beside Name and click Find Now.
In the Search Results, right-click on the user and select Enable Account to enable or Disable Account to disable.
Click OK.
Using a command-line interface
To enable a user, use the following command:
> dsmod user <UserDN
> -disabled no
To disable a user, use the following command:
> dsmod user <UserDN
> -disabled yes
Using VBScript
' This code will enable or disable a user.
' ------ SCRIPT CONFIGURATION ------
' Set to FALSE to disable account or TRUE to enable account
strDisableAccount = FALSE
strUserDN = "<UserDN
>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------
set objUser = GetObject("LDAP://" & strUserDN)
if objUser.AccountDisabled = TRUE then
WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"
if strDisableAccount = FALSE then
objUser.AccountDisabled = strDisableAccount
objUser.SetInfo
WScript.Echo "Account enabled"
end if
else
WScript.Echo "Account currently enabled"
if strDisableAccount = TRUE then
objUser.AccountDisabled = strDisableAccount
objUser.SetInfo
WScript.Echo "Account disabled"
end if
end if
Discussion
Account status is used to control if a user is allowed to log on or not. When an account ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.