|
I'm trying to disable stale accounts in my Active Directory Users OU and move them to another OU. I'm getting an error message that says
Error: There is no such object on the server
Code: 80040E37
Source: Active Directory
I created a Test OU on the same level in active directory and I'm not having the same problem. Things work fine.
Error says it's from this line:
Set objRecordset = ObjCommand.Execute
Here's the code I'm using.
*************CODE*************
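' Selects user accounts under strSearchOU that were created more than iLogonDays
' days ago and have not logged on within iLogonDays days, disables them and moves
' them to strNewOU. Every selected account is written to a tab-separated output
' log; failures are written to a separate error log.

' Set Flag to enable the disabling and moving of unused accounts otherwise create
' log of accounts affected
' 1 - Will Disable and move accounts
' 0 - Will create output log only
' Run once with 0 and review the log first: with 1 the change is applied to every
' account the search returns.
bDisable=1
' Accounts that haven't been logged in for this amount of days are selected
' lastLogonTimestamp is only refreshed periodically (about every two weeks with
' default domain settings), so keep this threshold comfortably above that lag.
iLogonDays=60
' LDAP Location of OUs to search for accounts
' LDAP location format eg: "OU=Users,OU=Test"
' This must be the real distinguished name of the search base. The built-in Users
' folder is a container ("CN=Users"), not an OU; a base that does not exist makes
' ObjCommand.Execute fail with "There is no such object on the server".
' CN=Users also holds built-in accounts (Administrator, Guest, krbtgt), so check
' the bDisable=0 log before pointing the script at it.
strSearchOU="OU=Users"
' Search depth to find users
' Use "OneLevel" for the specified OU only or "Subtree" to search all child OUs as well.
strSearchDepth="OneLevel"
' Location of new OU to move disabled user accounts to
' eg: "OU=Disabled_Accounts,OU=Test"
strNewOU="OU=Disabled_Accounts"
' Log file and error log file path
strLogPath=".\logs\"
' Error log file name (appended with date and .err extension)
strErrorLog="DisabledAccounts_"
' Output log file name (appended with date and .log extension)
strOutputLog="DisabledAccounts_"

' ADSI error raised by Get when the attribute has no value on the object
' ("The directory property cannot be found in the cache").
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D

' Date stamp (YYYYMMDD) used in both log file names.
sDate = Year(Now()) & Right("0" & Month(Now()), 2) & Right("0" & Day(Now()), 2)
Set oFSO=CreateObject("Scripting.FileSystemObject")
If Not oFSO.FolderExists(strLogPath) Then CreateFolder(strLogPath)
Set output=oFSO.CreateTextFile(strLogPath & strOutputLog & sDate & ".log")
Set errlog=oFSO.CreateTextFile(strLogPath & strErrorLog & sDate & ".err")
output.WriteLine "Sam Account Name" &vbTab& "LDAP Path" &vbTab& "Last Logon Date" &vbTab& _
    "Date Created" &vbTab& "Home Directory"
errlog.WriteLine "Sam Account Name" &vbTab& "LDAP Path" &vbTab& "Problem" &vbTab& "Error"

' Bind to the domain and prepare the ADO search. No error handler is active yet,
' so a wrong strNewOU or strSearchOU stops the script before any account is touched.
Set rootDSE = GetObject("LDAP://rootDSE")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set ObjCommand = CreateObject("ADODB.Command")
ObjCommand.ActiveConnection = objConnection
ObjCommand.Properties("Page Size") = 10
DSEroot=rootDSE.Get("DefaultNamingContext")
Set objNewOU = GetObject("LDAP://" & strNewOU & "," & DSEroot)
' Query layout: <search base>;filter;attributes;scope
' (this line was mangled by the forum's HTML handling in the original post)
ObjCommand.CommandText = "<LDAP://" & strSearchOU & "," & DSEroot & _
    ">;(&(objectClass=User)(objectcategory=Person));adspath;" & strSearchDepth
Set objRecordset = ObjCommand.Execute

' From here on errors are checked inline so one bad account does not stop the run.
On Error Resume Next
While Not objRecordset.EOF
    LastLogon = Null
    intLogonTime = Null
    intAgeDays = Null
    Err.Clear
    ' Reset the reference so a failed bind cannot leave the previous user in objUser.
    Set objUser = Nothing
    Set objUser=GetObject(objRecordset.fields("adspath"))
    If Err.Number = 0 Then intAgeDays = DateDiff("d",objUser.WhenCreated,Now)
    If Err.Number <> 0 Then
        ' The account could not be read: log it and leave it alone.
        errlog.WriteLine "" &vbTab& objRecordset.Fields("adspath").Value &vbTab& _
            "Bind Failed" &vbTab& Replace(Err.Description,vbCrlf,"")
        Err.Clear
    ElseIf intAgeDays > iLogonDays Then
        Set objLogon=objUser.Get("lastlogontimestamp")
        If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
            ' Attribute not set: the account has no recorded logon. It is still
            ' noted in the error log and then handled as "Never".
            WriteError objUser, "Get LastLogon Failed"
            DisableAccount objUser, "Never"
        ElseIf Err.Number <> 0 Then
            ' Any other failure (for example a permissions or connectivity problem)
            ' says nothing about the logon date, so the account is not disabled.
            WriteError objUser, "Get LastLogon Failed"
        Else
            ' lastLogonTimestamp is a 64-bit count of 100-nanosecond intervals
            ' since 1 Jan 1601. LowPart is read as a signed 32-bit value, so a
            ' negative LowPart needs one carry added to HighPart.
            lngHigh = objLogon.HighPart
            lngLow = objLogon.LowPart
            If lngLow < 0 Then lngHigh = lngHigh + 1
            intLogonTime = lngHigh * (2^32) + lngLow
            intLogonTime = intLogonTime / (60 * 10000000)   ' intervals -> minutes
            intLogonTime = intLogonTime / 1440              ' minutes -> days
            LastLogon=intLogonTime+#1/1/1601#
            If DateDiff("d",LastLogon,Now) > iLogonDays Then
                DisableAccount objUser, LastLogon
            End If
        End If
    End If
    ' Catch-all: log and clear anything still pending before the next record.
    WriteError objUser, "Unknown Error"
    objRecordset.MoveNext
Wend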
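' Creates strPath, first creating any missing parent folders.
' Uses the script-level oFSO FileSystemObject.
Sub CreateFolder( strPath )
    Dim strParent
    strParent = oFSO.GetParentFolderName(strPath)
    ' A path with no parent part yields "", which FolderExists reports as missing;
    ' without this guard the recursion would never terminate.
    If strParent <> "" Then
        If Not oFSO.FolderExists(strParent) Then CreateFolder strParent
    End If
    oFSO.CreateFolder strPath
End Sub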
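' Disables objUser and moves it into objNewOU when bDisable is non-zero, then
' writes the account to the output log (also in log-only mode).
'   objUser   - bound ADSI user object
'   lastLogon - last logon date, or the text "Never", written to the log as given
' Uses the script-level bDisable, objNewOU and output, and reports through WriteError.
Sub DisableAccount( objUser, lastLogon )
    On Error Resume Next
    If bDisable <> 0 Then
        If objUser.accountdisabled=False Then
            objUser.accountdisabled=True
            objUser.SetInfo
            If Err.Number <> 0 Then
                ' The disable was not saved: do not move an account that is
                ' still enabled into the disabled-accounts OU.
                WriteError objUser, "Disable Account Failed"
            Else
                ' vbNullString keeps the object's existing relative name, so a
                ' CN containing commas or other special characters is not rebuilt by hand.
                objNewOU.MoveHere objUser.adspath, vbNullString
                WriteError objUser, "Account Move Failed"
            End If
        Else
            ' Already disabled: record it in the error log and leave it in place.
            Err.Raise 1,,"Account already disabled. User not moved."
            WriteError objUser, "Disable Account Failed"
        End If
    End If
    output.WriteLine objUser.samaccountname &vbTab& objUser.adspath &vbTab& lastLogon &vbTab& _
        objUser.whencreated &vbTab& objUser.homedirectory
End Sub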
' Writes the pending Err, if any, to the error log for objUser and clears it.
'   objUser    - ADSI user object the error relates to
'   strProblem - short label for the step that failed
' Does nothing when Err.Number is 0, so it can be called after every risky step.
Sub WriteError( objUser, strProblem )
    Dim strDetail
    If Err.Number = 0 Then Exit Sub
    ' Line breaks are stripped so each error stays on one log line.
    strDetail = Replace(Err.Description,vbCrlf,"")
    errlog.WriteLine objUser.samaccountname &vbTab& objUser.adspath &vbTab& strProblem &vbTab& strDetail
    Err.Clear
End Sub
*********END CODE**********
|
|
|
|
|
You might want to edit your post and put your code inside html PRE tags to make it readable, and hopefully, properly indented.
|
|
|
|
|
Added tags, thank you.
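'=================================================================================
' Check all Active Directory accounts to determine what needs to be disabled.
' If LastLogonTimeStamp is not set and the object is older than the specified age,
' it is disabled and moved. If the account has been used, but not within the
' duration specified, it is disabled and moved. Does not move already disabled
' accounts. An account whose logon data cannot be read is logged and left alone.
'=================================================================================
'=================================================================================
' Set Flag to enable the disabling and moving of unused accounts otherwise create
' log of accounts affected
' 1 - Will Disable and move accounts
' 0 - Will create output log only
' Run once with 0 and review the log first: with 1 the change is applied to every
' account the search returns.
bDisable=1
'=================================================================================
' Accounts that haven't been logged in for this amount of days are selected
' lastLogonTimestamp is only refreshed periodically (about every two weeks with
' default domain settings), so keep this threshold comfortably above that lag.
iLogonDays=60
'=================================================================================
' LDAP Location of OUs to search for accounts
' LDAP location format eg: "OU=Users,OU=Test"
' This must be the real distinguished name of the search base. The built-in Users
' folder is a container ("CN=Users"), not an OU; a base that does not exist makes
' ObjCommand.Execute fail with "There is no such object on the server".
' CN=Users also holds built-in accounts (Administrator, Guest, krbtgt), so check
' the bDisable=0 log before pointing the script at it.
strSearchOU="OU=Users"
'=================================================================================
' Search depth to find users
' Use "OneLevel" for the specified OU only or "Subtree" to search all child OUs as well.
strSearchDepth="OneLevel"
'=================================================================================
' Location of new OU to move disabled user accounts to
' eg: "OU=Disabled_Accounts,OU=Test"
strNewOU="OU=Disabled_Accounts"
'=================================================================================
' Log file and error log file path
strLogPath=".\logs\"
' Error log file name (appended with date and .err extension)
strErrorLog="DisabledAccounts_"
' Output log file name (appended with date and .log extension)
strOutputLog="DisabledAccounts_"
'=================================================================================
' ADSI error raised by Get when the attribute has no value on the object
' ("The directory property cannot be found in the cache").
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D

' Date stamp (YYYYMMDD) used in both log file names.
sDate = Year(Now()) & Right("0" & Month(Now()), 2) & Right("0" & Day(Now()), 2)
Set oFSO=CreateObject("Scripting.FileSystemObject")
If Not oFSO.FolderExists(strLogPath) Then CreateFolder(strLogPath)
Set output=oFSO.CreateTextFile(strLogPath & strOutputLog & sDate & ".log")
Set errlog=oFSO.CreateTextFile(strLogPath & strErrorLog & sDate & ".err")
output.WriteLine "Sam Account Name" &vbTab& "LDAP Path" &vbTab& "Last Logon Date" &vbTab& _
    "Date Created" &vbTab& "Home Directory"
errlog.WriteLine "Sam Account Name" &vbTab& "LDAP Path" &vbTab& "Problem" &vbTab& "Error"
'=================================================================================
' Bind to the domain and prepare the ADO search. No error handler is active yet,
' so a wrong strNewOU or strSearchOU stops the script before any account is touched.
Set rootDSE = GetObject("LDAP://rootDSE")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set ObjCommand = CreateObject("ADODB.Command")
ObjCommand.ActiveConnection = objConnection
ObjCommand.Properties("Page Size") = 10
DSEroot=rootDSE.Get("DefaultNamingContext")
Set objNewOU = GetObject("LDAP://" & strNewOU & "," & DSEroot)
' Query layout: <search base>;filter;attributes;scope
ObjCommand.CommandText = "<LDAP://" & strSearchOU & "," & DSEroot & _
    ">;(&(objectClass=User)(objectcategory=Person));adspath;" & strSearchDepth
Set objRecordset = ObjCommand.Execute

' From here on errors are checked inline so one bad account does not stop the run.
On Error Resume Next
While Not objRecordset.EOF
    LastLogon = Null
    intLogonTime = Null
    intAgeDays = Null
    Err.Clear
    ' Reset the reference so a failed bind cannot leave the previous user in objUser.
    Set objUser = Nothing
    Set objUser=GetObject(objRecordset.fields("adspath"))
    If Err.Number = 0 Then intAgeDays = DateDiff("d",objUser.WhenCreated,Now)
    If Err.Number <> 0 Then
        ' The account could not be read: log it and leave it alone.
        errlog.WriteLine "" &vbTab& objRecordset.Fields("adspath").Value &vbTab& _
            "Bind Failed" &vbTab& Replace(Err.Description,vbCrlf,"")
        Err.Clear
    ElseIf intAgeDays > iLogonDays Then
        Set objLogon=objUser.Get("lastlogontimestamp")
        If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
            ' Attribute not set: the account has no recorded logon. It is still
            ' noted in the error log and then handled as "Never".
            WriteError objUser, "Get LastLogon Failed"
            DisableAccount objUser, "Never"
        ElseIf Err.Number <> 0 Then
            ' Any other failure (for example a permissions or connectivity problem)
            ' says nothing about the logon date, so the account is not disabled.
            WriteError objUser, "Get LastLogon Failed"
        Else
            ' lastLogonTimestamp is a 64-bit count of 100-nanosecond intervals
            ' since 1 Jan 1601. LowPart is read as a signed 32-bit value, so a
            ' negative LowPart needs one carry added to HighPart.
            lngHigh = objLogon.HighPart
            lngLow = objLogon.LowPart
            If lngLow < 0 Then lngHigh = lngHigh + 1
            intLogonTime = lngHigh * (2^32) + lngLow
            intLogonTime = intLogonTime / (60 * 10000000)   ' intervals -> minutes
            intLogonTime = intLogonTime / 1440              ' minutes -> days
            LastLogon=intLogonTime+#1/1/1601#
            If DateDiff("d",LastLogon,Now) > iLogonDays Then
                DisableAccount objUser, LastLogon
            End If
        End If
    End If
    ' Catch-all: log and clear anything still pending before the next record.
    WriteError objUser, "Unknown Error"
    objRecordset.MoveNext
Wend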
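' Creates strPath, first creating any missing parent folders.
' Uses the script-level oFSO FileSystemObject.
Sub CreateFolder( strPath )
    Dim strParent
    strParent = oFSO.GetParentFolderName(strPath)
    ' A path with no parent part yields "", which FolderExists reports as missing;
    ' without this guard the recursion would never terminate.
    If strParent <> "" Then
        If Not oFSO.FolderExists(strParent) Then CreateFolder strParent
    End If
    oFSO.CreateFolder strPath
End Sub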
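' Disables objUser and moves it into objNewOU when bDisable is non-zero, then
' writes the account to the output log (also in log-only mode).
'   objUser   - bound ADSI user object
'   lastLogon - last logon date, or the text "Never", written to the log as given
' Uses the script-level bDisable, objNewOU and output, and reports through WriteError.
Sub DisableAccount( objUser, lastLogon )
    On Error Resume Next
    If bDisable <> 0 Then
        If objUser.accountdisabled=False Then
            objUser.accountdisabled=True
            objUser.SetInfo
            If Err.Number <> 0 Then
                ' The disable was not saved: do not move an account that is
                ' still enabled into the disabled-accounts OU.
                WriteError objUser, "Disable Account Failed"
            Else
                ' vbNullString keeps the object's existing relative name, so a
                ' CN containing commas or other special characters is not rebuilt by hand.
                objNewOU.MoveHere objUser.adspath, vbNullString
                WriteError objUser, "Account Move Failed"
            End If
        Else
            ' Already disabled: record it in the error log and leave it in place.
            Err.Raise 1,,"Account already disabled. User not moved."
            WriteError objUser, "Disable Account Failed"
        End If
    End If
    output.WriteLine objUser.samaccountname &vbTab& objUser.adspath &vbTab& lastLogon &vbTab& _
        objUser.whencreated &vbTab& objUser.homedirectory
End Sub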
' Writes the pending Err, if any, to the error log for objUser and clears it.
'   objUser    - ADSI user object the error relates to
'   strProblem - short label for the step that failed
' Does nothing when Err.Number is 0, so it can be called after every risky step.
Sub WriteError( objUser, strProblem )
    Dim strDetail
    If Err.Number = 0 Then Exit Sub
    ' Line breaks are stripped so each error stays on one log line.
    strDetail = Replace(Err.Description,vbCrlf,"")
    errlog.WriteLine objUser.samaccountname &vbTab& objUser.adspath &vbTab& strProblem &vbTab& strDetail
    Err.Clear
End Sub
|
|
|
|
|
Sorry, it's been a busy day at work...
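When you search AD, you need to search in a Container, not an OrganizationalUnit. The default Users folder is a container, so its distinguished name starts with CN=; there is no OU=Users for the search to bind to, which is what "There is no such object on the server" is telling you. Change your strSearchOU from "OU=Users" to "CN=Users". Keep in mind that CN=Users also holds the built-in accounts, so run the script with bDisable=0 first and check the log before letting it disable anything.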
|
|
|
|
|
|
Now I've run into another issue, I get this error when running the script.
User LDAP://CN=First Last,CN=Users,DC=Domain, DC=local Get LastLogon Failed. The directory property cannot be found in the cache.
|
|
|
|
|