Microsoft KB Archive/251334

= How to Remove Multiple Expired User Accounts from Windows NT =

Article ID: 251334

Article Last Modified on 8/8/2007

-

APPLIES TO


 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows 95
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 98 Second Edition

-



This article was previously published under Q251334



SUMMARY
Windows NT 4.0 Server and the Windows NT 4.0 Resource Kit do not provide a way to remove expired accounts in Windows NT Domains automatically. You can use the Windows Scripting Host (WSH), Visual Basic Script (VBScript), and Active Directory Services Interface ADSI) to automate this process.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.



MORE INFORMATION
You can run the following script from any computer that is logged onto a Domain with administrative privileges.

Prerequisites
The following items are required to use the script in this article:
 * If you use Microsoft Windows 95, you are required to use Microsoft Internet Explorer 4.0 or later with WSH and ADSI installed.
 * If you use Microsoft Windows 98, you are required to install ADSI and we recommend you install the latest version of WSH.
 * If you use Windows NT, you are required to install Windows NT 4.0 Service Pack 3 or later, Internet Explorer 4.0 or later, and ADSI.

Sample Script DELEXPUSR.VBS
'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ '\\ '\\ DATE 1-14-2000 '\\ '\\ DELEXPUSR.VBS '\\ '\\ Script is used to delete all user accounts on a domain in which the '\\ AccountExpirationDate has passed. Without using the /delete command it will only '\\ List the accounts that need to be deleted. '\\ '\\ CSCRIPT DELEXPUSR.VBS domain /delete '\\ '\\ domain  = Target Domain '\\ '\\ /delete =  Delete will actually delete the user account from the same '\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

dim objarg dim tDomain

set objarg = wscript.arguments

If objarg.count = 0 then Wscript.Echo "Domain Parameter Missing" Wscript.quit end if

'Command line args ptr = 0 testflag = true Do until ptr = objarg.count select case ucase(objarg(ptr)) case "/DELETE" testflag = False end select ptr = ptr +1 Loop

tdomain = objarg(0)

set oDom = GetObject("WinNT://" & tdomain & ",domain") oDom.filter = Array("User")

On Error Resume Next

'Look through each user record if account is expired delete the account For each oUser in Odom tAccountexp = oUser.AccountExpirationDate if err <> 0 then tAccountexp = 1 else tAccountexp = oUser.AccountExpirationDate end if   err.clear

'compare the result to today; if result is negative then tAccountexp is later than 'today. if tAccountexp = 1 then result = 1 else result = DateDiff("d",now,tAccountexp) end if    if result < 0 then if ouser.name <> "Administrator" or ouser.name <> "Admin" then ' insert check here later for testing for membership to Domain Admins group if testflag then wscript.echo "User: " & ouser.name & ". Expiration: " & oUser.accountexpirationdate else wscript.echo "Deleting User: " & ouser.name & ". Expiration: " & oUser.accountexpirationdate call oDom.delete("User",ouser.name) ' Delete the user the date is in the past end if        end if    else wscript.echo "User: " & oUser.name & " - Account Current" end if next This script is designed to be used on a Windows NT 4.0 domain. It is not designed or intended to be used on a Microsoft Windows 2000 domain.

