Chapter 3. User Management

Hacks #25-35

A large part of day-to-day administration of an Active Directory environment is managing users and their accounts. The usual way of doing this is with the Active Directory Users and Computers (ADUC) console, but when it comes to organizations with thousands of users, this tool can be frustrating to use.

This chapter is about alternatives to ADUC—ways of doing things faster using scripts. You’ll find scripts to display information about users, find specific users on your network, change user passwords, unlock user accounts, get a list of disabled accounts, display which groups a user belongs to, and more. If you’re familiar with VBScript, you can also customize these scripts further to meet the specific needs of your own networking environment.

For all these scripts, make sure you have the latest scripting engines on the workstation from which you run the script. You can download the latest scripting engines from the Microsoft Scripting home page ( Also, when working with the Active Directory Services Interface (ADSI), you must have the same applicable rights you need to use the built-in administrative tools. For more information, see Microsoft’s ADSI web page (

Search for Domain Users

Programmatically search for a user in a mixed Windows NT/2000 environment.

If you are in the process of migrating from Windows NT to Windows ...

Get Windows Server Hacks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.