I find and disable all old PCs in Active Directory with the script below:
VBScript:
```vbscript
DomainName = inputbox("Domain name")
limit = inputbox("Enter max age")
DeleteMode = Msgbox("Do you wish to run in disable mode?", vbYesNo)

'****************Setup Log file******************************************************
Set fso = CreateObject("Scripting.FileSystemObject")
'The 8 in this line will append to an existing file, replace with a 2 to override
set txtStream = fso.OpenTextFile("System.txt", 8, True)
txtStream.WriteLine "Ran on " & Date & " *******************************"

'****************Setup ADSI connection and populate ADSI Collection******************
Set objADOconnADSI = CreateObject("ADODB.Connection")
objADOconnADSI.Open "Provider=ADsDSOObject;"
Set objCommandADSI = CreateObject("ADODB.Command")
objCommandADSI.ActiveConnection = objADOconnADSI
'there is a 1000 object default if these next 2 lines are omitted.
objCommandADSI.Properties("Size Limit")= 10000
objCommandADSI.Properties("Page Size")= 10000
objCommandADSI.Properties("Sort on") = "sAMAccountName"
objCommandADSI.CommandText = "<LDAP://" & DomainName & ">;(objectClass=computer);sAMAccountName,pwdLastSet,name,distinguishedname;subtree"
Set objRSADSI = objCommandADSI.Execute

'Loop through record set and compare password age*************************************
do while NOT objRSADSI.EOF
    if not isnull(objRSADSI.Fields("distinguishedname")) and objRSADSI.Fields("distinguishedname") <> "" then
        objDate = objRSADSI.Fields("PwdLastSet")
        'Go to function to make sense of the PwdLastSet value from AD for the machine account.
        dtmPwdLastSet = Integer8Date(objDate, lngBias)
        'calculate the current age of the password.
        DiffADate = DateDiff("d", dtmPwdLastSet, Now)
        'Is the password older than the specified age.
        if DiffADate > int(limit) then
            'Are we running in delete mode or not.
            if DeleteMode = vbYes then
                'Ask if this machine account should be deleted from AD.
                intReturn = Msgbox("Are you sure you want to disable this computer account?", vbYesNo, "Disable " & objRSADSI.Fields("name"))
                'If yes then write info to log file and then delete it else just log it.
                If intReturn = vbYes Then
                    Set objComputer = GetObject("LDAP://" & objRSADSI.Fields("distinguishedname"))
                    strComputer = objComputer.CN
                    txtStream.WriteLine objRSADSI.Fields("name") & ";" & dtmPwdLastSet & ";" & DiffADate & " -- Disabled"
                    objComputer.AccountDisabled = True
                    objComputer.SetInfo
                else
                    txtStream.WriteLine objRSADSI.Fields("name") & ";" & dtmPwdLastSet & ";" & DiffADate & " -- Not Disabled"
                End If
            else
                'If running in list only mode then just write entry to log file and move on to next record.
                txtStream.WriteLine objRSADSI.Fields("name") & ";" & dtmPwdLastSet & ";" & DiffADate & " -- List Only"
            end if
        end if
    end if
    objRSADSI.MoveNext
loop
wscript.echo "Done!"

'I found this function and it seems to work great. I don't pretend to fully understand it though.
'I don't know who wrote it or I would give them credit.
Function Integer8Date(objDate, lngBias)
    ' Function to convert Integer8 (64-bit) value to a date, adjusted for
    ' local time zone bias.
    Dim lngAdjust, lngDate, lngHigh, lngLow
    lngAdjust = lngBias
    lngHigh = objDate.HighPart
    lngLow = objDate.LowPart
    ' Account for bug in IADslargeInteger property methods.
    If lngLow < 0 Then
        lngHigh = lngHigh + 1
    End If
    If (lngHigh = 0) And (lngLow = 0) Then
        lngAdjust = 0
    End If
    lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
        + lngLow) / 600000000 - lngAdjust) / 1440
    Integer8Date = CDate(lngDate)
End Function
```
Now I wanted to do this for users as well, so I happily replaced every word 'computer' with 'user', and that did work in itself, except that I now saw users AND computers.
How should the above script be changed so that I only see users?
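An added example, not part of the original post: in Active Directory the computer class derives from user, so `(objectClass=user)` also matches machine accounts, while adding `(objectCategory=person)` restricts the result to user accounts. This list-only sketch also moves the age check into the LDAP filter; the variable names and the `FileTimeString` helper are hypothetical, and the cutoff ignores the local time zone bias (assumed acceptable at day granularity).

```vbscript
Option Explicit
' Added example: list-only, nothing in the directory is modified.
Dim strDomain, lngMaxAge, strCutoff, strFilter
Dim objConn, objCmd, objRS

strDomain = InputBox("Domain name")
lngMaxAge = CLng(InputBox("Enter max age (days)"))

' pwdLastSet is stored as 100-nanosecond ticks since 1601-01-01.
strCutoff = FileTimeString(DateAdd("d", -lngMaxAge, Now))

' objectCategory=person  -> user accounts only, no computer accounts
' userAccountControl bit 2 (ACCOUNTDISABLE) -> skip accounts already disabled
' pwdLastSet>=1          -> skip accounts whose pwdLastSet is 0
' pwdLastSet<=cutoff     -> password last set before the cutoff date
strFilter = "(&(objectCategory=person)(objectClass=user)" & _
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" & _
            "(pwdLastSet>=1)(pwdLastSet<=" & strCutoff & "))"

Set objConn = CreateObject("ADODB.Connection")
objConn.Open "Provider=ADsDSOObject;"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
' Paging lets the query return more than the default 1000 objects.
objCmd.Properties("Page Size") = 1000
objCmd.CommandText = "<LDAP://" & strDomain & ">;" & strFilter & _
                     ";sAMAccountName,distinguishedName;subtree"
Set objRS = objCmd.Execute

Do While Not objRS.EOF
    WScript.Echo objRS.Fields("sAMAccountName").Value & ";" & _
                 objRS.Fields("distinguishedName").Value
    objRS.MoveNext
Loop
objRS.Close
objConn.Close

' Hypothetical helper: builds the tick count as a string, because the value
' is too large for a VBScript Long and loses precision as a Double.
' minutes * 600,000,000 ticks = (minutes * 6) followed by eight zeros.
Function FileTimeString(dtmWhen)
    FileTimeString = CStr(DateDiff("n", #1/1/1601#, dtmWhen) * 6) & "00000000"
End Function
```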