Firstly, get the user object with:
var objUser = GetObject("LDAP://cn=username,ou=users,dc=example,dc=com");
With this object, you can query any attributes of the user.
var disabled = objUser.AccountDisabled; // True when the account is disabled
var firstname = objUser.givenname; // Returns the users first name.
A List of attributes can be found here.
Some of the more difficult attributes to query are “memberof” which displays the group memberships, and “lockouttime” which is how long they have been locked out for.
var memberof = VBArray(objUser.GetEx("memberof")).toArray();
With lockouttime the number is a 64-bit number, which requires a Highpart and Lowpart to access the whole number.
This code will get the lock out time:
var lockouttime = objUser.lockouttime;
var locktimems = Math.abs(lockouttime.HighPart) * Math.pow(2,32) + Math.abs(lockouttime.LowPart); //locktimems now has the time that the account is locked out until in milliseconds.
More garbage from me later !
Sorry about the late reply, been busy 🙂
Yes, I was able to query AD information from AD via this script.
Took some hacking around but it did work in the end 🙂