Discover & Disable Inactive User Accounts

This script serves two purposes. i) It 'audits' user accounts on a machine (or Domain) and logs those accounts that have been inactive for a specified amount of time. ii) It allows you to then disable user accounts based on inactivity.

This script serves two purposes. i) It 'audits' user accounts on a machine (or Domain) and logs those accounts that have been inactive for a specified amount of time. ii) It allows you to then disable user accounts based on inactivity.

The line Set GroupObj = GetObject("WinNT://MYDOMAINCONTROLLER/Users") determines the target machine, if you point this to an NT4 PDC, or a Win2k DC, then you have the ability to disable Domain Accounts. Otherwise, point it at a individual machine, to switch the focus to local user accounts.

The line If Diff >= 6 Then Flags = UserObj.Get("UserFlags") determines the number of weeks of inactivity to check for. Ive set this to 6 in the script below, but you can adjust this to suit your own needs.

The script will run on Win2k or NT4 (providing WSH components are installed)

 

DIM theDate

DIM UserObj

DIM Object

DIM GroupObj

Dim Flags

Dim Diff

Dim Result

Const UF_ACCOUNTDISABLE = &H0002

' Set this to TRUE to enable Logging only mode - no changes will be made

CONST LogOnly = TRUE

' Point to Object containing users to check

Set GroupObj = GetObject("WinNT://MYDOMAINCONTROLLER/Users")

On error resume next

For each Object in GroupObj.Members

' Find all User Objects Within Domain Users group (ignore machine accounts)

If (Object.Class = "User") and (instr(Object.Name, "$") = 0) then Set UserObj = GetObject(Object.ADsPath)

theDate = UserObj.get("LastLogin")

theDate = Left(theDate,8)

theDate = cdate(theDate)

' find difference in week between then and now

Diff = DateDiff("ww", theDate, Now)

' if 6 weeks or more then disable the account

If Diff >= 6 Then Flags = UserObj.Get("UserFlags")

IF (Flags AND UF_ACCOUNTDISABLE) = 0 Then

' Only disable accounts if LogOnly set to FALSE

If LogOnly = FALSE Then

UserObj.Put "UserFlags", Flags OR UF_ACCOUNTDISABLE

UserObj.SetInfo

End if

strName = UserObj.Name

result = Log(strName,Diff)

End If

end if

end if

Next

Set GroupObj = Nothing

 

Function Log(User,strDate)

' Constant for Log file path

CONST StrLogFile = "C:\UserMgr1.txt"

Set objFS = CreateObject("Scripting.FileSystemObject")

Set strTextStream = objFS.OpenTextFile(strLogFile, 8, true)

strTextStream.WriteLine("Account:" & vbTab & User & vbTab & "Inactive for:" & vbTab & strdate & vbatb & "Weeks" & vbtab & "Disabled on:" & vbTab & Date & vbTab & "at:" & vbTab & Time)

strTextStream.Close

Set objFS = Nothing

Set strTextStream = Nothing

End Function

Please note that this is provided 'as is' with no warranties i.e. dont blame me if it all goes wrong!