Is it possible to configure active directory on Windows 2000 to automatically disable users that haven't logged in for X number of days or weeks or whatever? Our sales department is way high turnover, and they never ever tell me when people leave. It would be nice if they would auto-disable. I realize that's not perfect, but it would be better than it is now. I could maybe write a script, but I can't even see a last logon date in the account information to use as a key. Any suggestions?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can 2000 active directory auto disable after X days no logon?
- Thread starter jmille34
- Start date
WhoKilledKenny
MIS
Yes, you can expire and disable accounts via Domain Security Policy.
I expiring and disabling accounts requires knowing which ones are OK to set.
I'd do this with VBScript. You can query each ID for last logon date and if it is more than your predetermined time you could then disable the account. Make sure you take into account vacations and maternity leave when setting your threshold.
I've done scripted applications for customers that will move the account, mark a deletion date in the description and disable the account. A second script runs daily to check the deletion dates in the disabled accounts OU and deletes accounts that have been disabled for 90 days.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
I'd do this with VBScript. You can query each ID for last logon date and if it is more than your predetermined time you could then disable the account. Make sure you take into account vacations and maternity leave when setting your threshold.
I've done scripted applications for customers that will move the account, mark a deletion date in the description and disable the account. A second script runs daily to check the deletion dates in the disabled accounts OU and deletes accounts that have been disabled for 90 days.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
- Status
Similar threads
- Locked
- Question
