Need simple script to detect & disable inactive AD user accounts

Discussion in 'Scripting' started by Lanwench [MVP - Exchange], Dec 10, 2009.

  1. Hiya - for a W2003 (not R2) domain with two DCs, I'm being asked to
    automatically disable user accounts that have not been used within x days.
    This would be for one or two specific OUs only.

    I've been looking around but haven't found much that looks like it will do
    the trick. I'd like to run this script as a scheduled task once daily, and
    I'd like it to output results & actions to a log (heck, as long as I'm at
    it, I'd like it to output to the event log too. And I'd like a pony. But a
    simple text log file will suffice).

    Any ideas? I've poked around on the illustrious Mr. Mueller's site & on the
    MS scripting site but I am not seeing anything that will do this...
    Lanwench [MVP - Exchange], Dec 10, 2009
  2. "Lanwench [MVP - Exchange]"
    Highly recommended is Joe Richards' free oldcmp utility. See this link:

    Originally designed to cleanup old computer accounts, but works equally well
    handling user accounts. The utility has command line help, but you can also
    view the usage link at the bottom of the above page.
    Richard Mueller [MVP], Dec 11, 2009
  3. Thanks, Richard. I know that utlilty (and I know Mr. Richards!) but I forgot
    it could do more than just report as that's all I've ever used it for. I'll
    try it :)
    Lanwench [MVP - Exchange], Dec 11, 2009
  4. "Lanwench [MVP - Exchange]"
    I think most admins use -disable first, then after awhile use -delete. Note
    too the safety features, so you really have to be sure before it modifies
    too many objects.
    Richard Mueller [MVP], Dec 11, 2009
  5. Lanwench [MVP - Exchange]


    Dec 13, 2011
    Is there a reason that you need to use a script (e.g., because you don't have the budget for a third-party solution)? If you have permission to use a foreign tool, i recommend the freeware version of netwix inactive users tracker for this task. It's what we use to detect and and report on stale AD accounts, and we find it particularly useful because it doesn't cost anything. Worth a look.
    Jesse1113, Mar 7, 2012
