+ Post New Thread
Results 1 to 6 of 6
Windows Server 2008 R2 Thread, Automatically disbale unused user accounts and manage old computer accounts in Technical; Hi, I was wondering if anyone has a system to automatically disables old user accounts please? Also on a similar ...
  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,942
    Thank Post
    886
    Thanked 1,694 Times in 1,472 Posts
    Blog Entries
    12
    Rep Power
    447

    Automatically disbale unused user accounts and manage old computer accounts

    Hi,

    I was wondering if anyone has a system to automatically disables old user accounts please? Also on a similar note does anyone use anything that will flag up unused computer accounts?

    Thanks

  2. #2
    TheScarfedOne's Avatar
    Join Date
    Apr 2007
    Location
    Plymouth, Devon
    Posts
    1,219
    Thank Post
    597
    Thanked 158 Times in 143 Posts
    Blog Entries
    78
    Rep Power
    80
    I did something about this on my blog a while ago. A nice bit of powershell, which you could set as a scheduled task for automation...

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,942
    Thank Post
    886
    Thanked 1,694 Times in 1,472 Posts
    Blog Entries
    12
    Rep Power
    447
    Your blogs are very handy, i should check through them all some time

    Thanks

  4. #4

    Join Date
    Dec 2007
    Location
    cumbria
    Posts
    182
    Thank Post
    7
    Thanked 43 Times in 39 Posts
    Rep Power
    25
    Try this ...
    OldCmp

  5. #5

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Quote Originally Posted by tumbleweed View Post
    Try this ...
    OldCmp
    I've used that for long time.

    I did something about this on my blog a while ago. A nice bit of powershell,
    Just looked, is it this?

    get-qadcomputer -IncludeAllProperties | Where-Object { $_.lastlogon -lt (get-date).AddDays(-90) }

    Saying this feels a little pedantic, I've never used Quest so can't comment on what that does behind the scenes, and it's been ages since I looked at this area so I can't comment on what happens for Server 2008 functional level, but sometimes it's useful to know that...

    A potential very occasional problem is that the AD attribute "lastLogon" does not replicate. For the most part it doesn't matter, but if that cmdlet only talks to one DC then in some circumstances the lastLogon can be misleading. Comps on site that start up every day might be a day or two out of date, because they logged on to a different DC today. The results for comps that aren't on the network very often can occasionally give a lastLogon that is months older than the value on another machine. If you want the very best result you need to query all DCs and pick the newest lastLogon for any given comp.

    OldCmp use lastLogonTimstamp which does replicate so you can do this on just one DC, but that attribute doesn't get updated every time a comp logs on - it's a similar concept to the no-refresh interval for DNS scavenging for the same reasons i.e. to prevent replication traffic. But in principle, in the worst case a comp may have logged on up to two weeks more recently than the value in lastLogonTimestamp.
    Last edited by PiqueABoo; 23rd January 2012 at 10:24 AM.

  6. #6

    fiza's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    2,121
    Thank Post
    413
    Thanked 313 Times in 264 Posts
    Rep Power
    152
    Ive been looking for something similar. I came across Solarwinds but havent tried it yet. Might be worth a look?

    FREE AD Admin Tools

  7. Thanks to fiza from:

    PiqueABoo (23rd January 2012)

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 15th November 2010, 11:13 AM
  2. Replies: 4
    Last Post: 3rd August 2010, 11:05 AM
  3. Network Printers automatically added to user accounts
    By Olliegami in forum Windows Server 2000/2003
    Replies: 6
    Last Post: 9th June 2010, 12:23 PM
  4. Win 2K3 Svr and user accounts
    By welshrt in forum Windows Server 2000/2003
    Replies: 0
    Last Post: 12th May 2010, 11:38 PM
  5. Replies: 0
    Last Post: 29th August 2009, 12:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •