6.12. Enabling and Disabling a User

Problem

You want to enable or disable a user.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Type the name of the user beside Name and click Find Now.

  5. In the Search Results, right-click on the user and select Enable Account to enable or Disable Account to disable.

  6. Click OK.

Using a command-line interface

To enable a user, use the following command:

> dsmod user <UserDN> -disabled no

To disable a user, use the following command:

> dsmod user <UserDN> -disabled yes

Using VBScript

' This code will enable or disable a user.
' ------ SCRIPT CONFIGURATION ------
' Set to TRUE to disable the account or FALSE to enable it
strDisableAccount = FALSE  
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

' Bind to the user object and read its current state
set objUser = GetObject("LDAP://" & strUserDN)
if objUser.AccountDisabled = TRUE then
   WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"
   ' Only write to the directory if the requested state differs
   if strDisableAccount = FALSE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account enabled"
   end if
else
   WScript.Echo "Account currently enabled"
   ' Only write to the directory if the requested state differs
   if strDisableAccount = TRUE then
      objUser.AccountDisabled = strDisableAccount
      objUser.SetInfo
      WScript.Echo "Account disabled"
   end if
end if
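
The same state change in PowerShell through ADSI, as an added example that is not from the book. It flips only the ADS_UF_ACCOUNTDISABLE bit (0x2) of userAccountControl, which is the bit the AccountDisabled property reads and writes, skips the write when the account is already in the requested state, and re-reads the attribute to confirm the change. The function name Set-UserDisabledState is hypothetical; the code assumes a domain-joined host and rights to modify the user.

```powershell
# Added example (not from the book). Set-UserDisabledState is a hypothetical
# helper name. Assumes a domain-joined host and rights to modify the user.
$ADS_UF_ACCOUNTDISABLE = 0x2   # userAccountControl bit behind AccountDisabled

function Set-UserDisabledState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserDN,
        [Parameter(Mandatory = $true)][bool]$Disabled
    )

    # Bind to the user and read the current flags from the directory.
    $user = [ADSI]"LDAP://$UserDN"
    $current = $user.psbase.Properties['userAccountControl'].Value
    if ($null -eq $current) {
        throw "Could not read userAccountControl for $UserDN"
    }
    $uac = [int]$current

    # Set or clear only the disable bit; every other flag is preserved.
    if ($Disabled) { $newUac = $uac -bor $ADS_UF_ACCOUNTDISABLE }
    else           { $newUac = $uac -band (-bnot $ADS_UF_ACCOUNTDISABLE) }

    $changed = $false
    if ($newUac -eq $uac) {
        Write-Verbose "$UserDN is already in the requested state"
    }
    elseif ($PSCmdlet.ShouldProcess($UserDN, "Set userAccountControl to $newUac")) {
        $user.psbase.Properties['userAccountControl'].Value = $newUac
        $user.psbase.CommitChanges()

        # Re-read from the directory instead of trusting the local cache.
        $user.psbase.RefreshCache()
        $uac = [int]$user.psbase.Properties['userAccountControl'].Value
        if ($uac -ne $newUac) {
            throw "Write to $UserDN did not persist (userAccountControl = $uac)"
        }
        $changed = $true
    }

    [pscustomobject]@{
        UserDN   = $UserDN
        Disabled = [bool]($uac -band $ADS_UF_ACCOUNTDISABLE)
        Changed  = $changed
    }
}

# Dry run first, then drop -WhatIf to apply:
# Set-UserDisabledState -UserDN 'cn=jsmith,cn=Users,dc=rallencorp,dc=com' -Disabled $true -WhatIf
```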

Discussion

Account status controls whether a user is allowed to log on. When an account ...
