Group Policy to Disbale Users

[Sav]

Is there a way that I can create a group Policy that is linked to an OU
inwhich when I move a user to that OU the policy will automatcially disable
that user? For example, If I have an OU called "Disabled Users" every user I
add to this OU will be disabled.

 

[Hank Arnold]

Nice idea.... Hope it can be done.....

Regards,
Hank Arnold

 

[Jorge de Almeida Pinto [MVP - DS]]

not with AD by default...

what you could do is create a batch file and create a scheduled task that
regularly checks for enabled users. When found, it should disable the users

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Kurt Roggen]

Schedule a script on a dc that runs every x time.
It's job: disable all account found in your OU "Disabled Users"

Script could like this:
On Error Resume Next

Const ADS_UF_ACCOUNTDISABLE = 2
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

Set objOU = GetObject ("LDAP://ou=Disabled
Users,cn=Users,dc=NA,dc=fabrikam,dc=com")
ObjOU.Filter= Array("user")

For Each objUser in objOU
objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
Next

 

[Kurt Roggen]

Oeps, missed this posting.
Batch could be using dsquery.exe to get users and redirect output as input
for dsmod.exe
dsquery user "params" | dsmod user "params"
--
Kurt Roggen
http://blogontheweb.com/roggenk


"Jorge de Almeida Pinto [MVP - DS]"