Ravindra Kulkarni
Problem
You want to enable or disable a user account.
Solution
Using a graphical user interface
- Open the ADUC snap-in.
- In the left pane, right-click on the domain and select Find.
- Select the appropriate domain beside In.
- Type the name of the user beside Name and click Find Now.
- In the Search Results window, right-click on the user and select Enable Account to enable or Disable Account to disable.
- Click OK.
Using a command-line interface
To enable a user, use the following command:
> dsmod user <UserDN> -disabled no
To disable a user, use the following command:
> dsmod user <UserDN> -disabled yes
Using VBScript
' This code will enable or disable a user.
' ------ SCRIPT CONFIGURATION ------
' Set to FALSE to disable account or TRUE to enable account
strDisableAccount = FALSE
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
' ------ END CONFIGURATION --------
set objUser = GetObject("LDAP://" & strUserDN)
if objUser.AccountDisabled = TRUE then
WScript.Echo "Account for " & objUser.Get("cn") & " currently disabled"
if strDisableAccount = FALSE then
objUser.AccountDisabled = strDisableAccount
objUser.SetInfo
WScript.Echo "Account enabled"
end if
else
WScript.Echo "Account currently enabled"
if strDisableAccount = TRUE then
objUser.AccountDisabled = strDisableAccount
objUser.SetInfo
WScript.Echo "Account disabled"
end if
end if
Discussion
Account status is used to control whether a user is allowed to log on or not. When an account is disabled, the user is not allowed to log on to her workstation with the account or to access AD controlled resources.
There is an IADsUser:: AccountDisabled property that allows you to determine and change the status. Set the method FALSE to enable the account or trUE to disable.
IgNiTeD SoUL 