INACTIVE USERS

[CasDeTroy]

How can i find inactive user accounts (60 days) and weed
them out?

Is there any application that does this?

I am running a 3000 user AD and its killn to manually do
this..THx

 

[Steve]

I would use adsi to do this
for example Don Jones script to locate and disable user accounts from
Managing Windows with WMI and VBScript is like this
Script start

Dim dDate
Dim oUser
Dim oObject
Dim oGroup
Dim iFlags
Dim iDiff
Dim iResult
Const UF_ACCOUNTDISABLE = &H0002

'Set this to TRUE to enable Logging only mode -
'no changes will be made
CONST LogOnly = TRUE

'Point to oObject containing users to check
Set oGroup = GetObject("WinNT://MYDOMAINCONTROLLER/Domain Users")
On error resume next
For each oObject in oGroup.Members

'Find all User Objects Within Domain Users group
'(ignore machine accounts)
If (oObject.Class = "User") And _
(InStr(oObject.Name, "$") = 0) Then
Set oUser = GetObject(oObject.ADsPath)
End If

dDate = oUser.get("LastLogin")
dDate = Left(dDate,8)
dDate = CDate(dDate)

'find difference in weeks between then and now
iDiff = DateDiff("ww", dDate, Now)

'if 6 weeks or more then disable the account
If iDiff >= 6 Then
iFlags = oUser.Get("UserFlags")
End If

If (iFlags AND UF_ACCOUNTDISABLE) = 0 Then

' Only disable accounts if LogOnly set to FALSE
If LogOnly = False Then
oUser.Put "UserFlags", iFlags OR UF_ACCOUNTDISABLE
oUser.SetInfo
End if

sName = oUser.Name
iResult = Log(sName,iDiff)
End If
Next

Set oGroup = Nothing
MsgBox "All Done!"

Function Log(sUser,sDate)

'Constant for Log file path
CONST StrLogFile = "C:\UserMgr1.txt"

Set oFS = CreateObject("Scripting.FileSystemObject")
Set oTS = oFS.OpenTextFile(strLogFile, 8, True)
oTS.WriteLine("Account:" & vbTab & sUser & vbTab & _
"Inactive for:" & vbTab & sDate & vbTab & "Weeks" & _
vbTab & "Disabled on:" & vbTab & Date & vbTab & "at:" & _
vbTab & Time)
oTS.Close
Set oFS = Nothing
Set oTS = Nothing

End Function

script end

adsi scriptomatic details here
http://www.microsoft.com/technet/community/scriptcenter/tools/admatic.mspx

hth
regards steve

 

[Andrew Mitchell]

How can i find inactive user accounts (60 days) and weed
them out?

Is there any application that does this?

I am running a 3000 user AD and its killn to manually do
this..THx

The standard Active Directory Users and Computers MMC plugin can do this.
Right-click Queries then select New/Query.
Give the query a name (eg Accounts inactive for 60 days) then click Define
Query
In the 'Name' dropdown, select "Has a value" and in the "Days since last
logon" type 60.

You can then select all of the accounts that the query finds and deactivate,
delete or move them as you wish.

 

[Paul Bergson]

This requires AD 2003

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Andrew Mitchell]

This requires AD 2003

Not necessarily. It only requires the 2003 adminpak which is required on a
Windows XP workstation anyway, even if managing a Windows 2000 domain.

 

[Cary Shultz [A.D. MVP]]

You can also use Joe Richard's awesome tool oldcmp. Sure, it looks like it
is for computer account objects - but with a simple filter ( the '-r'
filter ) you can use this for user account objects...You would go to
http://www.joeware.net and look in the free WIN32 C++ tools.

Cary

 

[Joe Richards [MVP]]

That is incorrect.

If you are telling the query tool to get the acccounts that haven't logged on in
x days through the 2003 aduc you must be in 2K3 domain mode because it relies on
an attribute called lastlogontimestamp which is not available on 2000 domains.

The actual query would look something like:

(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com)(objectClass=user)
(lastLogonTimestamp<=127360517538788576))

 

[CAsDeTroy]

Where in active directory users & compluters do i find
this query

 

[Joe Richards [MVP]]

Requires 2k3 and the 2k3 management pack and you will see saved queries and you
can create a new query there with that easy pick.