Yes, the program as written documents all locked out user accounts in the
I had to think about this. Determining if an account is locked out can be
difficult. I used a trick to make it easy. I used the IsAccountLocked
property method exposed by the IADsUser interface of the WinNT provider. The
same property method exposed by the LDAP provider is not reliable and should
not be used. As far as I can tell, the WinNT version is OK. This makes it
easy to quickly find all locked out users.
The WinNT provider is blind to the hierarchy of AD. It does not recognize
OU's. However, the program continues by querying every Domain Controller to
find other properties of the locked out users. These queries can be limited
to the users in a specified OU. The program will then only output the
results for the users in the OU.
The solution is to modify the base of the ADO queries. The following
strBase = ""
should be modified for your specific OU, similar to:
strBase = ""
The value between the "/" and the ">" characters should be the full
Distinguished Name of the OU. I hope this helps.
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"Gustavo" discussions.microsoft.com> wrote in message
> Thanks a lot Richard, that script is great, just another question, I see
> code and think that this is for the whole domain, isn't it?, but if I want
> run this code only for OU, where can I change the string?, and thanks
> "Richard Mueller [MVP]" wrote:
>> Gustavo wrote:
>>> Hi, I need a list to get the users accounts that are locked out, I do
>>> know anything about scripting and I did find this code in microsoft's
>>> center, please help me to get this information, thanks.