disabling MACHINE or COMPUTER accounts from the cmd line

[Dale]

I need to disable a bunch of machine accounts and would like to know if
there is a reskit or other untility that will let me batch script it. Keep
in mind, machine account and disable, not user accounts or deleting. TIV
Dale

 

[Jerold Schulman]

I need to disable a bunch of machine accounts and would like to know if
there is a reskit or other untility that will let me batch script it. Keep
in mind, machine account and disable, not user accounts or deleting. TIV
Dale

Yes.

See tip 6820 in the 'Tips & Tricks' at http://www.jsiinc.com

Description: Modifies an existing computer in the directory.
Syntax: dsmod computer <ComputerDN ...> [-desc <Description>]
[-loc <Location>] [-disabled {yes | no}] [-reset]
[{-s <Server> | -d <Domain>}] [-u <UserName>]
[-p {<Password> | *}] [-c] [-q] [{-uc | -uco | -uci}]
Parameters:

Value Description
<ComputerDN ...> Required/stdin. Distinguished names (DNs) of one
or more computers to modify.
If target objects are omitted they
will be taken from standard input (stdin)
to support piping of output from another command
to input of this command.
-desc <Description> Sets computer description to <Description>.
-loc <Location> Sets the location of the computer object to
<Location>.
-disabled {yes | no} Sets whether the computer account is disabled (yes)
or not (no).
-reset Resets computer account.
{-s <Server> | -d <Domain>}
-s <Server> connects to the domain controller (DC)
with name <Server>.
-d <Domain> connects to a DC in domain <Domain>.
Default: a DC in the logon domain.
-u <UserName> Connect as <UserName>. Default: the logged in user.
User name can be: user name, domain\user name,
or user principal name (UPN).
-p <Password> Password for the user <UserName>. If * then prompt
for password.
-c Continuous operation mode. Reports errors but
continues with next object in argument list when
multiple target objects are specified.
Without this option, the command exits on first
error.
-q Quiet mode: suppress all output to standard output.
{-uc | -uco | -uci} -uc Specifies that input from or output to pipe is
formatted in Unicode.
-uco Specifies that output to pipe or file is
formatted in Unicode.
-uci Specifies that input from pipe or file is
formatted in Unicode.

Remarks:
If a value that you supply contains spaces, use quotation marks
around the text
(for example, "CN=DC2,OU=Domain Controllers,DC=microsoft,DC=com").
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names).

Examples:
To disable multiple computer accounts:

dsmod computer CN=MemberServer1,CN=Computers,DC=microsoft,DC=com
CN=MemberServer2,CN=Computers,DC=microsoft,DC=com
-disabled yes


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Ray at]

Multi-posted. Answered in scripting.wsh

Ray at work

 

[Jerold Schulman]

I need to disable a bunch of machine accounts and would like to know if
there is a reskit or other untility that will let me batch script it. Keep
in mind, machine account and disable, not user accounts or deleting. TIV
Dale

You can use the hostname:

dsquery computer -name <hostname> | dsmod computer -disabled yes

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Dale]

You can use the hostname:

dsquery computer -name <hostname> | dsmod computer -disabled yes

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

Worked beautifully Jerry! You are the man.