When you finally take the plunge and decided that the only way to take your business to the next level is to setup a true client/server environment, here is a script to help you clean up those old accounts. When you convert to an Active Directory structure, you need to remove all the old local user accounts. This will reduce the security risks by removing accounts that you can’t force to conform to the rules setup by Group Policy. Also, if you were running these users as Administrators or Power Users and now have limited them down to a Standard user, without removing their old local accounts they may have elevated rights that they don’t need. Using this script you can query every computer in you Active Directory and get a list in CSV that you can use to know where that accounts are that need to be removed. In this script you can modify the output file so you can save the file where you want. You will also need to modify the Active Directory information to match your Domain configuration.
Tip: You can remotely connect other computers on your domain using “compmgmt.msc /computer:[remote computer]” from there you can manage user accounts in Local Users and Groups.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | Const ADS_SCOPE_SUBTREE = 2Set objConnection = CreateObject("ADODB.Connection")Set objCommand = CreateObject("ADODB.Command")objConnection.Provider = "ADsDSOObject"objConnection.Open "MYDomainController" 'put domain controller hereSet objCOmmand.ActiveConnection = objConnectionobjCommand.CommandText = _ "Select Name, Location from LDAP://DC=subdomain,DC=zim,DC=local' " _ 'update this with your AD information & "Where objectClass='computer'" objCommand.Properties("Page Size") = 1000objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE Set objRecordSet = objCommand.ExecuteobjRecordSet.MoveFirstDo Until objRecordSet.EOF LocalUsers objRecordSet.Fields("Name").Value, "C:\localaccounts.csv" 'adjust output file name as needed objRecordSet.MoveNextLoopSub LocalUsers(strComputer, strFilename) On Error Resume Next Set StdOut = WScript.StdOut Set objFSO = CreateObject("scripting.filesystemobject") Set logStream = objFSO.opentextfile(strFilename, 8, True) Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") If Err.Number Then logStream.writeline(strComputer & ",Offline") Err.Clear Else colAccounts.Filter = Array("user") For Each objUser In colAccounts logStream.writeline(strComputer & ",Online," & objUser.Name & "," & objUser.AccountDisabled) Next End If logStream.CloseEnd Sub |
