What do you mean you can't query on lastLogonTimeStamp in oldcmp? If you use the -llts option (I'll let you guess what that stands for) it uses lastLogonTimeStamp for the aging instead of pwdLastSet.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler Sent: Tuesday, February 22, 2005 4:47 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Disabling Inactive Users AFAIK oldcmp will give you the lastLogonTimestamp (if you are w2k3 functional) but you can't query directly on that. the -age switch looks at pwdLastSet (it's possible that a user has not changed their password in +90 days but they login everyday - therefore they are not "inactive"). a manual method one could try is (watch wrap): adfind.exe -b dc=domain,dc=edu -f "&(objectcategory=person)(samaccountname=*)" -tdc lastLogon userPrincipalName -sort lastLogon >c:\inactive.log Then pass it through joe's perl csv converter. Then massage. Finally: disable using your fav method (dsmod comes to mind). see joeware.net for adfind Jorge de Almeida Pinto wrote: > HI, > > Try the following: http://www.joeware.net/win/free/tools/oldcmp.htm. > > I think it's not possible to use a GPO to do this. You could however > create a batch file using OLDCMP and schedule it to run each day/week > or whenever you want it > > Jorge > > -----Original Message----- > From: [EMAIL PROTECTED] > To: ActiveDir@Mail.ActiveDir.org > Sent: 2/22/2005 9:56 PM > Subject: [ActiveDir] Disabling Inactive Users > > Is there a GPO setting (or some other path) to disable inactive users > after a specified period of time? In other words, I'd like to > automatically disable Joe User if he has not logged on in more than 90 > days. > > Thanks, > James R. Rogers > > > This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
