Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://ou=startou,dc=domain,dc=local>"
strFilter =
";(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))"
strAttributes = ";sAMAccountName,ADsPath"
strLevel = ";subtree"
strQuery = objCommand.CommandText = strBase & strFilter & strAttributes &
strLevel
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("sAMAccountName")
Set objUser = GetObject(objRS.Fields("ADsPath"))
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objUSer.SetInfo
objRecordSet.MoveNext
Loop
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
Beware, that you must specify rught starting OU, so that you dont change any
systemaccount.
--
Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)