userAccountControl script



Description: Example VBScript scripts that use userAccountControl on Windows Server 2003, including samples that enable accounts with userAccountControl = 512.

When a new account is born, especially if you created it with CSVDE, it will be disabled. By resetting userAccountControl to 512, you can enable any Active Directory account. However, there is another factor: the enabled account also needs a password so that its user can log on.

Our mission is to provide the users with a valid logon name and password. To be successful, we must not only enable the account, but also set a suitable password. My example script enables not just one account, but all accounts in a particular OU. The crucial command is userAccountControl = 512.

Because of Windows 2003's increased security, our script may encounter obstacles. For example, the default Domain Group Policy demands complex passwords with at least 8 characters. Indeed, if the Domain policy enforces 8 characters and we try to enable an account with a null password, the result is this error message: 'The server is unwilling to process the request.' Fortunately, we have the answer: we can script a new password at the same time as we enable the account. We can even set the accounts so that users must change their password at first logon.

You could either log on as an administrator (best), or run this script on an XP machine as a non-administrator. I do believe in making life easy, so avoid complications and try Remote Desktop, rather than executing the script from an XP or other client.

  1. You should run this VBScript on a Windows Active Directory domain.
  2. Copy and paste the example script below into Notepad or a VBScript editor.
  3. Decide whether to change the value for strContainer. Naturally, to be effective you need to create a user or two in the OU specified by strContainer.
  4. Save the file with a .vbs extension, for example: UserAccountControl.vbs.
  5. Double-click UserAccountControl.vbs and check the Users container for strUser.

Note 1: userAccountControl needs a numeric value in order to set the account. The two common values for user accounts are: 512 = enable and 514 = disable account. If you are scripting computer accounts, substitute a value of 4096.

Note 2: Purely for testing, I suggest setting userAccountControl = 514. Then open up Active Directory Users and Computers at the OU that corresponds to strContainer. What you are looking for is a red X over the account. Naturally, you could enable the accounts by setting the value back to 512 and running the script again. Incidentally, Active Directory Users and Computers does not always refresh with F5, so right-click and select Refresh from the shortcut menu.

Note 3: Do you remember the goal? Our task is to change all accounts in the OU. Therefore, observe how VBScript cycles through the "User" class of objects with the For Each ... Next loop.


Note 1: Study lines 32-36 and examine the three commands needed to get the result we want. While the password method uses .SetPassword, the other two properties, userAccountControl and PwdLastSet, require the .Put method.

Note 2: The optional extra section launches the Active Directory Users and Computers snap-in. My idea is twofold: to show that the script has completed, and to point you to where you can check what has happened.

The main purpose of userAccountControl is to enable or disable accounts. For users, a value of 512 enables the account, while a value of 514 disables the account and prevents them logging on. Computers also need a value for userAccountControl, in their case the number is 4096.
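The procedure described above (set a password, enable the account, force a change at first logon) as an added example, not the page's original script. It goes one step beyond writing a flat 512: userAccountControl is a bit field, so the script clears only the disable bit (2) and the password-not-required bit (32) and leaves any other flags on the account untouched. The OU name and the password are hypothetical placeholders.

```vbscript
' Added example, not the original page's script.
Option Explicit

Const ADS_UF_ACCOUNTDISABLE = 2    ' 514 = 512 + 2
Const ADS_UF_PASSWD_NOTREQD = 32   ' account would be allowed a blank password

Dim objRootDSE, objOU, objUser
Dim strContainer, strPassword, strErr
Dim lngErr, lngUAC, intEnabled

' Hypothetical values: edit for your own domain.
strContainer = "OU=Accounts,"
strPassword  = "Placeholder-Pa55word"   ' must satisfy the domain password policy

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objOU = GetObject("LDAP://" & strContainer & _
    objRootDSE.Get("defaultNamingContext"))

intEnabled = 0
For Each objUser In objOU
    If LCase(objUser.Class) = "user" Then
        ' SetPassword is applied immediately; capture a policy rejection
        ' such as "The server is unwilling to process the request."
        On Error Resume Next
        objUser.SetPassword strPassword
        lngErr = Err.Number
        strErr = Err.Description
        On Error GoTo 0

        If lngErr <> 0 Then
            ' Leave the account disabled rather than enabling it without a password.
            WScript.Echo "Skipped " & objUser.Name & ": " & strErr
        Else
            lngUAC = objUser.Get("userAccountControl")
            lngUAC = lngUAC And Not (ADS_UF_ACCOUNTDISABLE Or ADS_UF_PASSWD_NOTREQD)
            objUser.Put "userAccountControl", lngUAC
            objUser.Put "pwdLastSet", 0      ' 0 = must change password at next logon
            objUser.SetInfo                  ' commit both Put calls
            intEnabled = intEnabled + 1
        End If
    End If
Next

WScript.Echo intEnabled & " account(s) enabled in " & strContainer
```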





