Discussion:
Need simple script to detect & disable inactive AD user accounts
(too old to reply)
Lanwench [MVP - Exchange]
2009-12-10 22:15:43 UTC
Permalink
Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
automatically disable user accounts that have not been used within x days.
This would be for one or two specific OUs only.

I've been looking around but haven't found much that looks like it will do
the trick. I'd like to run this script as a scheduled task once daily, and
I'd like it to output results & actions to a log (heck, as long as I'm at
it, I'd like it to output to the event log too. And I'd like a pony. But a
simple text log file will suffice).

Any ideas? I've poked around on the illustrious Mr. Mueller's site & on the
MS scripting site but I am not seeing anything that will do this...
Richard Mueller [MVP]
2009-12-11 01:11:22 UTC
Permalink
"Lanwench [MVP - Exchange]"
Post by Lanwench [MVP - Exchange]
Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
automatically disable user accounts that have not been used within x days.
This would be for one or two specific OUs only.
I've been looking around but haven't found much that looks like it will do
the trick. I'd like to run this script as a scheduled task once daily, and
I'd like it to output results & actions to a log (heck, as long as I'm at
it, I'd like it to output to the event log too. And I'd like a pony. But a
simple text log file will suffice).
Any ideas? I've poked around on the illustrious Mr. Mueller's site & on
the MS scripting site but I am not seeing anything that will do this...
Highly recommended is Joe Richards' free oldcmp utility. See this link:

http://www.joeware.net/freetools/tools/oldcmp/index.htm

Originally designed to cleanup old computer accounts, but works equally well
handling user accounts. The utility has command line help, but you can also
view the usage link at the bottom of the above page.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Richard Mueller [MVP]
2009-12-11 03:50:56 UTC
Permalink
"Lanwench [MVP - Exchange]"
Post by Richard Mueller [MVP]
"Lanwench [MVP - Exchange]"
Post by Lanwench [MVP - Exchange]
Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
automatically disable user accounts that have not been used within x
days. This would be for one or two specific OUs only.
I've been looking around but haven't found much that looks like it
will do the trick. I'd like to run this script as a scheduled task
once daily, and I'd like it to output results & actions to a log
(heck, as long as I'm at it, I'd like it to output to the event log
too. And I'd like a pony. But a simple text log file will suffice).
Any ideas? I've poked around on the illustrious Mr. Mueller's site &
on the MS scripting site but I am not seeing anything that will do
this...
http://www.joeware.net/freetools/tools/oldcmp/index.htm
Originally designed to cleanup old computer accounts, but works
equally well handling user accounts. The utility has command line
help, but you can also view the usage link at the bottom of the above
page.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
Thanks, Richard. I know that utlilty (and I know Mr. Richards!) but I
forgot it could do more than just report as that's all I've ever used it
for. I'll try it :)
I think most admins use -disable first, then after awhile use -delete. Note
too the safety features, so you really have to be sure before it modifies
too many objects.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Lanwench [MVP - Exchange]
2009-12-11 02:27:38 UTC
Permalink
Post by Richard Mueller [MVP]
"Lanwench [MVP - Exchange]"
Post by Lanwench [MVP - Exchange]
Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
automatically disable user accounts that have not been used within x
days. This would be for one or two specific OUs only.
I've been looking around but haven't found much that looks like it
will do the trick. I'd like to run this script as a scheduled task
once daily, and I'd like it to output results & actions to a log
(heck, as long as I'm at it, I'd like it to output to the event log
too. And I'd like a pony. But a simple text log file will suffice).
Any ideas? I've poked around on the illustrious Mr. Mueller's site &
on the MS scripting site but I am not seeing anything that will do
this...
http://www.joeware.net/freetools/tools/oldcmp/index.htm
Originally designed to cleanup old computer accounts, but works
equally well handling user accounts. The utility has command line
help, but you can also view the usage link at the bottom of the above
page.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
Thanks, Richard. I know that utlilty (and I know Mr. Richards!) but I forgot
it could do more than just report as that's all I've ever used it for. I'll
try it :)

Loading...