Latest revision as of 13:51, 21 July 2020

Knowledge Base

How to Remove Multiple Expired User Accounts from Windows NT

Article ID: 251334

Article Last Modified on 8/8/2007

APPLIES TO

Microsoft Windows NT 4.0 Service Pack 3
Microsoft Windows NT 4.0 Service Pack 4
Microsoft Windows NT 4.0 Service Pack 5
Microsoft Windows NT 4.0 Service Pack 6
Microsoft Windows NT 4.0 Service Pack 6a
Microsoft Windows NT 4.0 Service Pack 4
Microsoft Windows NT 4.0 Service Pack 5
Microsoft Windows NT 4.0 Service Pack 6
Microsoft Windows NT 4.0 Service Pack 6a
Microsoft Windows NT Workstation 4.0 Developer Edition
Microsoft Windows 95
Microsoft Windows 98 Standard Edition
Microsoft Windows 98 Second Edition

This article was previously published under Q251334

SUMMARY

Windows NT 4.0 Server and the Windows NT 4.0 Resource Kit do not provide a way to remove expired accounts in Windows NT Domains automatically. You can use the Windows Scripting Host (WSH), Visual Basic Script (VBScript), and Active Directory Services Interface ADSI) to automate this process.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

MORE INFORMATION

You can run the following script from any computer that is logged onto a Domain with administrative privileges.

Prerequisites

The following items are required to use the script in this article:

If you use Microsoft Windows 95, you are required to use Microsoft Internet Explorer 4.0 or later with WSH and ADSI installed.
If you use Microsoft Windows 98, you are required to install ADSI and we recommend you install the latest version of WSH.
If you use Windows NT, you are required to install Windows NT 4.0 Service Pack 3 or later, Internet Explorer 4.0 or later, and ADSI.

Sample Script DELEXPUSR.VBS

'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 
'\\ 
'\\  DATE 1-14-2000
'\\ 
'\\  DELEXPUSR.VBS
'\\ 
'\\  Script is used to delete all user accounts on a domain in which the 
'\\  AccountExpirationDate has passed. Without using the /delete command it will only 
'\\  List the accounts that need to be deleted.
'\\ 
'\\  CSCRIPT DELEXPUSR.VBS domain /delete
'\\ 
'\\  domain  = Target Domain
'\\ 
'\\  /delete =  Delete will actually delete the user account from the same
'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 


dim objarg 
dim tDomain

set objarg = wscript.arguments

If objarg.count = 0 then
    Wscript.Echo "Domain Parameter Missing" 
    Wscript.quit
end if

'Command line args 
ptr = 0
testflag = true
Do until ptr  = objarg.count    
select case ucase(objarg(ptr))
case "/DELETE"
    testflag = False 
end select
    ptr = ptr +1
Loop

tdomain = objarg(0)

set oDom = GetObject("WinNT://" & tdomain & ",domain")
oDom.filter = Array("User")

On Error Resume Next

'Look through each user record if account is expired delete the account
For each oUser in Odom  
    tAccountexp = oUser.AccountExpirationDate   
    if err <> 0 then
        tAccountexp = 1
    else
        tAccountexp = oUser.AccountExpirationDate
    end if
    err.clear

    'compare the result to today;  if result is negative then tAccountexp is later than
    'today.
    if tAccountexp = 1 then
        result = 1
    else
        result = DateDiff("d",now,tAccountexp)
    end if 
    if result < 0 then 
        if ouser.name <> "Administrator" or ouser.name <> "Admin" then
            ' insert check here later for testing for membership to Domain Admins group
            if testflag then
                wscript.echo "User: " & ouser.name & ". Expiration: " & oUser.accountexpirationdate 
            else
                wscript.echo "Deleting User: " & ouser.name & ". Expiration: " & oUser.accountexpirationdate
                call oDom.delete("User",ouser.name) ' Delete the user the date is in the past
            end if 
        end if
    else 
        wscript.echo "User: " & oUser.name & " - Account Current"
    end if
next

This script is designed to be used on a Windows NT 4.0 domain. It is not designed or intended to be used on a Microsoft Windows 2000 domain.

REFERENCES

For more information about Active Directory Services Interface (ADSI) and where to download it, click the following link:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/default.mspx

For more information about Windows Scripting Host (WSH) and Scripting Languages, click the following link:

http://msdn2.microsoft.com/en-us/library/ms950396.aspx

To download Internet Explorer, click the following link:

http://www.microsoft.com/ie

To download Windows NT Services, click the following link:

http://www.microsoft.com/Windows/ServicePacks

Additional query words: KBHOWTO Delete remove multiple expired user accounts WSH ADSI

Keywords: kbenv kbhowto kbqfe KB251334

Microsoft KB Archive/251334: Difference between revisions