Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Mass *Account Deleted* tidy up

Status
Not open for further replies.
grabrail

grabrail

Technical User
Aug 15, 2001
269
GB
I have a bit of a problem with AD

We have around 5000 user accounts, and we have Exchange on the network.

abotu half of all of our accounts were migrated from an old domain to the current domain and the old domain no longer exists.

Now we are having some issue, mostly with old deleted accounts. e.g. with a lot of the migrated accounts, if we go to the Exchange Advanced tab, and click mailbox rights, it hangs for ages, eventually comes up and shows a load of *Accoutns Deleted*

Is there a way to tidy up AD so that all these deleted accounts and old doman accounts no longer show?

 
Sort by date Sort by votes
I would imagine that a lot of these accounts are flowing down from top level, so I'd take a look at XC organisation and server level security and see if you can remove some of them there.
e.g. Exchange admins for the old domain, old BES account etc. etc.


Also top-level AD rights, same story.

Neill
 
Upvote 0 Downvote
its pretty simple to build a clean up script with vbscript

you simply need to identify a "stale" days count (aka, how many days before an account is considered too old and should be disabled), and a deletion days count (how many days since last use before the account should be deleted).
Typically this is 90 for disabling, and 120 for deleting.

All you need to do is examine each user account's pwdLastSet and lastLogonTimeStamp (if on Win2003 in Win2003 domain/forest functional mode...otherwise must hit each DC and examine lastLogon attribute), then adjust the time epoch to make up for daylight savings and convert to the local machine time (local = where the script is being ran), then subtract the number of days for stale and deleted users, then use some if statements to clear those accounts out of the picture.

would give you sample code, but dont have the utility i built to do this with me (what i built is designed to do this maintenance full time as a scheduled task on the PDCe).

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
316
goombawaho
goombawaho
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
264
DrB0b
DrB0b
Scparks
  • Locked
  • Question
Trouble with setting up a SMTP Relay to Office 365
Replies
0
Views
93
Scparks
Scparks
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
94
maybeimaleo
maybeimaleo
maybeimaleo
  • Locked
  • Question
Is There a Best Windows OS to Upgrade a CA Server to?
Replies
5
Views
139
maybeimaleo
maybeimaleo

Part and Inventory Search

Sponsor

Back
Top