Some AD accounts (resource mailboxes) never need to log in.
It is a good idea to keep those accounts in a separate OU.
This script disables all user objects in a given OU.
That way the resource mailbox still functions; only the AD account of the mailbox is no longer permitted to log in.
For optimal security the script can be run daily (Windows scheduler).
Follow the next steps to run the script (admin rights needed):
- open your favorite text editor
- copy and paste the script into the editor
- change the OU path to your specific situation
- save the script (for example c:\temp\disableloginresourcemailboxes.vbs)
- open a command prompt with administrative rights
- go to “c:\temp”
- type “cscript disableloginresourcemailboxes.vbs” (without quotes) and press Enter
The script:
' Name : disableloginresourcemailboxes.vbs
' Description : script to disable all user objects in an OU
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 20-01-2010

' Bind to the OU that holds the resource mailbox accounts (change this path)
Set objOU = GetObject("LDAP://OU=TestOU,DC=test,DC=org")

' Walk the objects directly inside the OU and disable every user object
For Each objUser In objOU
    If objUser.Class = "user" Then
        objUser.AccountDisabled = True
        objUser.SetInfo   ' write the change back to AD
    End If
Next

Set objOU = Nothing
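
An added example, not part of the original script: a variant for the daily scheduled run that only changes accounts that are currently enabled and appends each change to a log file, so an account that was re-enabled since the last run shows up in the log. The log file path is an assumption; the OU path is the sample value from the script above.

```vbscript
' Added example: daily-run variant that logs every account it has to disable.
' Assumed values: LOG_FILE (hypothetical path) and the sample OU path.
Option Explicit

Const OU_PATH = "LDAP://OU=TestOU,DC=test,DC=org"
Const LOG_FILE = "c:\temp\disableloginresourcemailboxes.log"
Const ForAppending = 8

Dim objFSO, objLog, objOU, objUser, intChanged, intFailed

Set objFSO = CreateObject("Scripting.FileSystemObject")
' Third argument True creates the log file if it does not exist yet
Set objLog = objFSO.OpenTextFile(LOG_FILE, ForAppending, True)
Set objOU = GetObject(OU_PATH)

intChanged = 0
intFailed = 0

For Each objUser In objOU
    If LCase(objUser.Class) = "user" Then
        ' Skip accounts that are already disabled so the log only shows changes
        If Not objUser.AccountDisabled Then
            On Error Resume Next
            objUser.AccountDisabled = True
            objUser.SetInfo
            If Err.Number = 0 Then
                intChanged = intChanged + 1
                objLog.WriteLine Now & " DISABLED " & objUser.ADsPath
            Else
                intFailed = intFailed + 1
                objLog.WriteLine Now & " FAILED " & objUser.ADsPath & " error 0x" & Hex(Err.Number)
                Err.Clear
            End If
            On Error GoTo 0
        End If
    End If
Next

objLog.WriteLine Now & " run complete: " & intChanged & " disabled, " & intFailed & " failed"
objLog.Close

' A non-zero exit code lets the scheduler show that a run could not finish its work
If intFailed > 0 Then WScript.Quit 1
```

A DISABLED line on any run after the first means an account in the OU was enabled again in the meantime, which is worth reviewing.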