Using DSQUERY, DSGET, and DSRM, I have scripted
Disabled.bat to report all disabled user accounts, and optionally delete them.
The syntax for using Disabled.bat is:
Disabled \[/D\]
where /D is an optional parameter that will cause all disabled user accounts, that have a last name, to be deleted.
NOTE: Disabled.bat creates a Disabled.txt file in the current directory.
Disabled.bat contains:
@echo off if not \{%1\}\{\} if /i \{%1\} NEQ \{/D\} @echo syntax: Disabled /D&goto :EOF setlocal set delete=N if not \{%1\}
\{\} set delete=%1 if exist Disabled.txt del /q disabled.txt for /f "Tokens=*" %%u in ('dsquery user -disabled') do set UDN=%%u&call :disa endlocal goto :EOF :disa set LN= for /f "Skip=1 Tokens=*" %%i in ('dsget user %UDN% -ln') do if /i "%%i" NEQ "dsget succeeded" set LN=%%i# set LN=%LN: #=% set LN=%LN: #=% set LN=%LN:#=% if \{%LN%\} EQU \{\} goto :EOF if /i "%delete%" NEQ "/D" goto report call :del>nul 2>&1 if %ERRORLEVEL% EQU 0 goto report @echo %UDN% failed to delete.>>Disabled.txt goto :EOF :report @echo %UDN%>>Disabled.txt goto :EOF :del dsrm %UDN% -noprompt
0 comments
Hide comments