Disabling Active Directory User Accounts, Part 1

For a few years now I’ve been using a custom VBScript to disable AD accounts when employees leave the organization.  The script was pieced together from some things I knew how to do and others I was able to find elsewhere.  The script performed the following tasks:

• Disabled the specified AD account
• Hid the mailbox from the Global Address List
• Removed the account from all groups it was a member of
• Created a text file log of all groups the account was a member of
• Set the password to be changed at the next login
• Set the disable date in the “Title” field (an unused field in my organization)
• Set the RAS settings to disabled

After our upgrade to Exchange Server 2007 earlier this year I noticed that the script was not functioning fully the way it should have.  Specifically, the hiding of the mailbox from the GAL was not occurring.  Sure, if you looked at the mailbox of an account that had been disabled using the script in the Exchange Management Console, the check box to hide the mailbox from the GAL was checked, but just the same the mailbox was not really hidden from the GAL.

So to correct this issue, I wrote a new script in Powershell (requires the Exchange Management Shell snapin) script that would perform all of the same actions except setting the RAS attribute to disabled.

Both scripts are attached, and annotated where I remembered where certain portions of the script or ideas came from.  The VBScript should be able to be run without any changes unless you want to change what it does.  The Powershell (Exchange Management Shell) script should only require one change in the variable $domain as shown here:  $domain = LDAP://dc=mydomain,dc=local.

VBScript version: 

  disable_accounts_single.zip (1.7 KiB, 1,409 hits)

Powershell (Exchange Management Shell) version: 

  Disable-ADAccounts.zip (1.8 KiB, 1,200 hits)

Comments

• 

• Translator

• Categories

  • Active Directory (13)
  • Certification (2)
  • Data Protection Manager 2007 (7)
  • Exchange Server 2007 (26)
  • Microsoft Office Communications Server 2007 (1)
  • Networking (3)
  • Operations Manager (24)
  • PKI & Certificate Services (2)
  • Powershell (10)
  • Server Hardware (5)
  • Storage (4)
  • Visual Basic Script (3)
  • Windows Server 2003 (6)
  • Windows Server 2008 (4)

• Tag Cloud

  • Active Directory | AD LDS | ADAM | Agents | Alerts | antivirus | bug | C-Class Blades | CCR | Certification | Cisco | Cluster | Clustering | Data Protection Manager 2007 | Data Warehouse | DBCreateWizard | dbdsutil | DHCP | DNS | Doh! | Error 5 | EVA | Event Logs | Exchange | Exchange Server 2007 | Fibre Channel | ForeFront | HBA | Health Service | HP | iLo | IMAP | Management | Management Pack | MOSS | Operations Manager | Overrides | PKI & Certificate Services | Powershell | Printers | Reboot | Recipients | Registry | robocopy | Root Server | SAN | Scripting | SDDL | secedit | Self Tuning Threshold | Servers | Sharepoint | SMTP | SSL | strange | Terminal Services | Tools | Updates | Virtualization | VPN | VSS | Whitepaper | Windows Server 2008 |

• Blogroll

  • Ramblings of the Mad Cow

• Archives

  • September 2009
  • August 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008

• Users Online

  • 3 Users Online