Need simple script to detect & disable inactive AD user accounts

Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
automatically disable user accounts that have not been used within x days.
This would be for one or two specific OUs only.

I've been looking around but haven't found much that looks like it will do
the trick. I'd like to run this script as a scheduled task once daily, and
I'd like it to output results & actions to a log (heck, as long as I'm at
it, I'd like it to output to the event log too. And I'd like a pony. But a
simple text log file will suffice).

Any ideas? I've poked around on the illustrious Mr. Mueller's site & on the
MS scripting site but I am not seeing anything that will do this...

"Lanwench [MVP - Exchange]"
< hoo.com> wrote in message
news:...
> Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
> automatically disable user accounts that have not been used within x days.
> This would be for one or two specific OUs only.
>
> I've been looking around but haven't found much that looks like it will do
> the trick. I'd like to run this script as a scheduled task once daily, and
> I'd like it to output results & actions to a log (heck, as long as I'm at
> it, I'd like it to output to the event log too. And I'd like a pony. But a
> simple text log file will suffice).
>
> Any ideas? I've poked around on the illustrious Mr. Mueller's site & on
> the MS scripting site but I am not seeing anything that will do this...
>

Highly recommended is Joe Richards' free oldcmp utility. See this link:

http://www.joeware.net/freetools/tools/oldcmp/index.htm

Originally designed to cleanup old computer accounts, but works equally well
handling user accounts. The utility has command line help, but you can also
view the usage link at the bottom of the above page.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Richard Mueller [MVP] <rlmueller-> wrote:
> "Lanwench [MVP - Exchange]"
> < hoo.com> wrote in
> message news:...
>> Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
>> automatically disable user accounts that have not been used within x
>> days. This would be for one or two specific OUs only.
>>
>> I've been looking around but haven't found much that looks like it
>> will do the trick. I'd like to run this script as a scheduled task
>> once daily, and I'd like it to output results & actions to a log
>> (heck, as long as I'm at it, I'd like it to output to the event log
>> too. And I'd like a pony. But a simple text log file will suffice).
>>
>> Any ideas? I've poked around on the illustrious Mr. Mueller's site &
>> on the MS scripting site but I am not seeing anything that will do
>> this...
>
> Highly recommended is Joe Richards' free oldcmp utility. See this
> link:
> http://www.joeware.net/freetools/tools/oldcmp/index.htm
>
> Originally designed to cleanup old computer accounts, but works
> equally well handling user accounts. The utility has command line
> help, but you can also view the usage link at the bottom of the above
> page.
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net

Thanks, Richard. I know that utlilty (and I know Mr. Richards!) but I forgot
it could do more than just report as that's all I've ever used it for. I'll
try it

"Lanwench [MVP - Exchange]"
< hoo.com> wrote in message
news:...
> Richard Mueller [MVP] <rlmueller-> wrote:
>> "Lanwench [MVP - Exchange]"
>> < hoo.com> wrote in
>> message news:...
>>> Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
>>> automatically disable user accounts that have not been used within x
>>> days. This would be for one or two specific OUs only.
>>>
>>> I've been looking around but haven't found much that looks like it
>>> will do the trick. I'd like to run this script as a scheduled task
>>> once daily, and I'd like it to output results & actions to a log
>>> (heck, as long as I'm at it, I'd like it to output to the event log
>>> too. And I'd like a pony. But a simple text log file will suffice).
>>>
>>> Any ideas? I've poked around on the illustrious Mr. Mueller's site &
>>> on the MS scripting site but I am not seeing anything that will do
>>> this...
>>
>> Highly recommended is Joe Richards' free oldcmp utility. See this
>> link:
>> http://www.joeware.net/freetools/tools/oldcmp/index.htm
>>
>> Originally designed to cleanup old computer accounts, but works
>> equally well handling user accounts. The utility has command line
>> help, but you can also view the usage link at the bottom of the above
>> page.
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>
> Thanks, Richard. I know that utlilty (and I know Mr. Richards!) but I
> forgot it could do more than just report as that's all I've ever used it
> for. I'll try it
>
>

I think most admins use -disable first, then after awhile use -delete. Note
too the safety features, so you really have to be sure before it modifies
too many objects.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Is there a reason that you need to use a script (e.g., because you don't have the budget for a third-party solution)? If you have permission to use a foreign tool, i recommend the freeware version of netwix inactive users tracker for this task. It's what we use to detect and and report on stale AD accounts, and we find it particularly useful because it doesn't cost anything. Worth a look.