29/11/2021 08:08 Find and Disable Inactive Computers in Active Directory · GitHub

andyzib / ADInactiveComputers.vbs
Created 9 years ago



Find and Disable Inactive Computers in Active Directory

ADInactiveComputers.vbs

' VBScript that searches an OU (and its sub OUs) for inactive computer accounts.
' If it finds inactive computer accounts, they are disabled and a comment is added.
' Uses DSQuery.exe, which is part of Windows XP or Windows Server 2003

' Written by Andrew Zbikowski <andyzib@gmail.com>

Option Explicit

' Objects
Dim objShell, objScriptExec, objComputer

Set objShell = CreateObject("WScript.Shell") ' Create Shell Object.

Dim intCount

Dim strOutput, strCommand, strOU, strQuery, strLDAP, strDesc, strHostname ' Strings

Dim arrNames, arrNamesExceptions ' Arrays

' =====================================================================
' Configuration
' =====================================================================
' OU to check (Sub OUs will be checked as well.)
strOU = """ou=MyOU,dc=CONTOSO,dc=COM"""

' List of computers that won't be checked. Linux & MacOS computers
' joined to AD don't always update their AD accounts.
arrNamesExceptions = array()
'arrNamesExceptions = array("COMPUTER01", "COMPUTER02", "COMPUTER03", _
'                           "COMPUTER04", "COMPUTER05", "COMPUTER06", _
'                           "COMPUTER07", "COMPUTER08", "COMPUTER09" _
'                          )

' =====================================================================
' End of Configuration. No further edits should be required.
' =====================================================================

' The command to run.
strCommand = "c:\windows\system32\dsquery.exe computer -stalepwd 90 -limit 0 "

strQuery = strCommand & strOU ' Full Query String.

set objScriptExec = objShell.Exec(strQuery) ' Execute the Query

' Read output of the dsquery command into strOutput.
strOutput = objScriptExec.StdOut.ReadAll ' Read in command output.

arrNames = split(strOutput, VBCr) ' Split Output into an array

strOutput = "" ' strOutput will now be used for displaying output to the user.

' strLDAP is the full LDAP name of the computer. without LDAP://
intCount = 0
For Each strLDAP in arrNames
    strLDAP = Replace(strLDAP, VBCr, "")
    strLDAP = Replace(strLDAP, VBlf, "")
    On Error Resume Next ' Needed in case a computer doesn't have a description.
    if Len(strLDAP) > 25 then ' DC=corp,DC=tcc,DC=inet is 22 characters, plus quote marks a
        strHostname = GetHostName(strLDAP)
        strLDAP = Replace(strLDAP, Chr(34), "") ' Remove quotation marks from strLDAP.
        Err.Clear
        Set objComputer = GetObject("LDAP://" & strLDAP) ' Gets the computer object fro
        If Err.Number <> 0 Then
            ' The bind failed. Report it here, because On Error Resume Next
            ' would otherwise hide the failure from the checks below.
            strOutput = strOutput & "Could not bind to " & strHostname & VBCr
        ElseIf Not objComputer.AccountDisabled Then ' Don't disable computer accounts if th
            if CheckExceptions(strHostname) then
                ' The rest of this message is cut off in the source.
                strOutput = strOutput & strHostname & " is not active but is in" & VBCr
            else
                strDesc = objComputer.Get("description") ' Preserve existing de
                Err.Clear ' Ignore the error raised when there is no description.
                ' Add reason for disabled object to description.
                ' The rest of this string is cut off in the source.
                strDesc = strDesc & " Disabled on " & Date() & " after 90 days"
                objComputer.Put "description", strDesc ' Set the description on
                objComputer.AccountDisabled = True ' Disable the computer objec
                objComputer.SetInfo ' Save the changes to AD
                ' Only report success if the write to AD did not raise an error.
                If Err.Number = 0 Then
                    strOutput = strOutput & "Disabled " & strHostname & VBCr ' Out
                Else
                    strOutput = strOutput & "Failed to disable " & strHostname & VBCr
                End If
            end if
        Else
            strOutput = strOutput & strHostname & " Already Disabled." & VBCr
        End If
        Set objComputer = Nothing ' Destroy the VB Script Computer object.
    End if
    strHostname = "" ' Clear current host name.
    strDesc = "" ' Clear the description, or it will get ugly as this loops.
    intCount = intCount + 1
    ' This script can generate more output than MsgBox can display so
    if intCount = 20 then
        MsgBox strOutput, 64, "Results"
        strOutput = ""
        intCount = 0
    end if
Next
MsgBox strOutput, 64, "Results"

' Takes in the LDAP string from dsquery.exe and returns just the hostname.
function GetHostName(strDN)
    Dim objRegExp, RegExpMatch, strHost ' Some variables.
    Set objRegExp = New RegExp ' Regular Expression Object
    With objRegExp
        '.Pattern = "CN=(.+?),.+"
        .Pattern = "^.+CN=(.+?),.+$"
        .IgnoreCase = True
        .Global = False
    End With
    Set RegExpMatch = objRegExp.Execute(strDN)
    ' VBScript Regular Expressions could be better...
    ' We should only get 1 match as the Global property is false.
    if RegExpMatch.Count = 1 Then
        ' Item(0) is the first and only match.
        strHost = RegExpMatch.Item(0).SubMatches(0)
    Else
        strOutput = strOutput & "Problem with RegExp match." & VBCr
        strHost = FALSE
    End if
    Set RegExpMatch = Nothing
    Set objRegExp = Nothing
    'WScript.Echo "GetHostName Debug: " & strHost
    GetHostName = strHost
End function

' Returns true if strHostname is in the exception list.
function CheckExceptions(strCompName)
    Dim strHost, MatchFound
    MatchFound = FALSE
    for each strHost in arrNamesExceptions
        'if strcomp(LCase(strHost), LCase(strCompName)) then
        if LCase(strHost) = LCase(strCompName) then
            MatchFound = TRUE
        end if
    next
    CheckExceptions = MatchFound
End Function

https://gist.github.com/andyzib/4218253