Q. How can I create a file that contains all user profiles that were created before a specific date?

A. Recently, I had a client who had an organizational unit (OU) that served as a temporary holding container for recently created user accounts. Ideally, the OU shouldn't hold accounts for more than one month. Over time, the OU had accumulated more than 50,000 accounts, and the client wanted to delete from it all accounts older than 60 days.

I used a two-phase approach to meet the client's request. First, I created a text file (userlist.txt) to hold a list of all the accounts older than 60 days. The entries in the file are the distinguished names (DNs) of objects. Then, I wrote the listusersolder.vbs script, which used the information in that file to output the list of accounts that are more than 60 days old. I used another script, which I provide in the FAQ "How can I delete from Active Directory (AD) user accounts that are listed in a file?" (FAQ), to delete all accounts in the file. You can download listusersolder.vbs at Code. Save the script as listusersolder.vbs. Remember to modify the script to include information specific to your installation.

' John Savill 19 August 2004
Option Explicit

Dim strFilePath, strLdapPath, strDate, objFSO, objFile, objConnection, _
    objChild, dtmCreate, selectedDate

' Check that all required arguments have been passed.
' (The argument names in the usage text are illustrative.)
If Wscript.Arguments.Count < 3 Then
    Wscript.Echo "Arguments <container> <date> <file> required. " & _
        "For example:" & vbCrLf & "cscript listusersolder.vbs " & _
        "ou=test,dc=demo,dc=test 6/10/2004 c:\temp\UserList.txt"
    Wscript.Quit(0)
End If

strLdapPath = Wscript.Arguments(0)
strDate = Wscript.Arguments(1)
selectedDate = DateValue(strDate)

strFilePath = Wscript.Arguments(2)

Set objFSO = CreateObject("Scripting.FileSystemObject")

' Open the file for write access.
On Error Resume Next
Set objFile = objFSO.OpenTextFile(strFilePath, 2, True, 0)
If Err.Number <> 0 Then
    On Error GoTo 0
    Wscript.Echo "File " & strFilePath & " cannot be opened"
    ' Stop here: without an open file there is nowhere to write the list.
    Wscript.Quit(1)
End If
On Error GoTo 0

Set objConnection = GetObject("LDAP://" & strLdapPath)
objConnection.Filter = Array("user")

For Each objChild In objConnection
    objChild.GetInfoEx Array("createTimeStamp"), 0
    dtmCreate = objChild.Get("createTimeStamp")

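    ' The rest of the loop follows the output format described in the text:
    ' accounts created before the cutoff get an asterisk on screen and a
    ' DN|creation time line in the file.
    If dtmCreate < selectedDate Then
        Wscript.Echo objChild.Name & " " & dtmCreate & " *"
        objFile.WriteLine objChild.Get("distinguishedName") & "|" & dtmCreate
    Else
        Wscript.Echo objChild.Name & " " & dtmCreate
    End If
Next

objFile.Close
Wscript.Echo "Operation Completed"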

To run listusersolder.vbs, you pass it the name of a root-level container to check for accounts older than the date passed, an "older-than" date, and the name of a file to output the old accounts to, as the following sample command shows:

cscript listusersolder.vbs ou=testing,dc=demo,dc=local 6/10/2004 c:\temp\list.txt

You'll see output on screen that's similar to this:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

CN=Barry Allen 6/2/2004 10:59:32 PM *
CN=Bruce Wayne 6/11/2004 6:30:40 PM
CN=Clark Kent 6/2/2004 10:55:14 PM *
CN=DeleteMe 8/19/2004 4:02:04 PM
Operation Completed

Notice that any account that was created before 6/10/2004 has an asterisk (*) next to it. The contents of the list.txt file look like the following:

CN=Barry Allen,OU=testing,DC=demo,DC=local|6/2/2004 10:59:32 PM
CN=Clark Kent,OU=testing,DC=demo,DC=local|6/2/2004 10:55:14 PM

In the text file, a pipe character (|) separates the account and its creation time.
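
Because the list file is later fed to a deletion script, it is worth re-checking each DN|creation time line before anything is removed. The following PowerShell check is an added example, not part of the original FAQ or its scripts; the function name Test-StaleAccountList and the sample lines are constructed for illustration, and it assumes the US-style timestamp format shown above.

```powershell
# Added example: validate a listusersolder.vbs output file before deletion.
# Test-StaleAccountList is a hypothetical helper; the sample data is constructed.
function Test-StaleAccountList {
    param(
        [string[]]$Lines,       # lines of the list file: DN|creation time
        [string]$ContainerDn,   # container the accounts must sit under
        [datetime]$Cutoff       # accounts must have been created before this
    )
    $culture = [cultureinfo]::InvariantCulture
    $suffix  = ',' + $ContainerDn
    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # Split at the LAST pipe so a pipe inside a DN cannot shift the fields.
        $i = $line.LastIndexOf('|')
        $reason  = $null
        $created = [datetime]::MinValue
        if ($i -lt 1) {
            $reason = 'no pipe separator'
            $dn = $line
        } else {
            $dn    = $line.Substring(0, $i)
            $stamp = $line.Substring($i + 1).Trim()
            $ok = [datetime]::TryParseExact($stamp, 'M/d/yyyy h:mm:ss tt', $culture,
                    [System.Globalization.DateTimeStyles]::None, [ref]$created)
            if (-not $ok) { $reason = 'unparseable creation time' }
            elseif (-not $dn.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $reason = 'outside expected container'
            }
            elseif ($created -ge $Cutoff) { $reason = 'not older than cutoff' }
        }
        [pscustomobject]@{ DN = $dn; Accept = ($null -eq $reason); Reason = $reason }
    }
}

# Constructed sample: the two lines from the FAQ plus three that must be rejected.
$sample = @(
    'CN=Barry Allen,OU=testing,DC=demo,DC=local|6/2/2004 10:59:32 PM'
    'CN=Clark Kent,OU=testing,DC=demo,DC=local|6/2/2004 10:55:14 PM'
    'CN=Bruce Wayne,OU=testing,DC=demo,DC=local|6/11/2004 6:30:40 PM'
    'CN=Administrator,CN=Users,DC=demo,DC=local|1/5/2004 9:00:00 AM'
    'CN=Broken Line,OU=testing,DC=demo,DC=local'
)
Test-StaleAccountList -Lines $sample -ContainerDn 'OU=testing,DC=demo,DC=local' `
    -Cutoff ([datetime]'2004-06-10') | Format-Table -AutoSize
```

Only lines with Accept set to True should be passed on for deletion; the suffix match also accepts accounts in child OUs of the container, so tighten it if only direct children are expected.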
