I would be careful about using has not logged on in X number of days. Some users my only authenticate against AD thus they would never log on. Try tracking against last password change. I assume you have policy in place that requires user must change the password every x number of days. There are many scripts if you google for them that would allow you to disable accounts. If you need a sample vbs or how to search based on a date filter please request.
Consider changing the Description of something on the user to the date and time the account was de-activated.
Rod
Leave a gap between your password change policy and your disable date.
Example
Change password every 60 Days
If Password not changed in 90 Days Account is disabled.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mulnick, Al
Sent: Tuesday, February 22, 2005 4:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Disabling Inactive Users
Personally I haven't seen a GPO for this but I'd like to hear of one if
available.
On my site I/we wrote an administrative script to handle this task that
basically scours the directory and spits out the accounts that haven't been
used on any DC in more than X days. Because of our system processes (don't
ask) we send that to the account team who merges it with other systems and
spits back the list they deem valid to be disabled. Another process then
handles the disabling of the accounts and spits out a report via email for
archival and reporting purposes.
Not a lot of code, but it had to work with the processes that couldn't be
changed.
Al
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rogers, James
Sent: Tuesday, February 22, 2005 3:56 PM
To: ActiveDir@Mail.ActiveDir.org
Subject: [ActiveDir] Disabling Inactive Users
Is there a GPO setting (or some other path) to disable inactive users after
a specified period of time? In other words, I'd like to automatically
disable Joe User if he has not logged on in more than 90 days.
Thanks,
James R. Rogers
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
