|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Automatically disable expired user accountsHi. Is it possible or is there a utility that will automatically disable a
user account after it has expired. For example, disable the account after 30 days of expiration. You comments are appreciated. Thanks! I suspect a little more information would be helpful here.
If the account is expired, why do you want to disable it as well? Why not delete it altogether? Can you give more information about the flow you're trying to achieve? This sounds like an ID management detail, but... Show quoteHide quote "Richard" <rdu***@hotmail.com> wrote in message news:uC4AL4pLGHA.140@TK2MSFTNGP12.phx.gbl... > Hi. Is it possible or is there a utility that will automatically disable > a user account after it has expired. For example, disable the account > after 30 days of expiration. You comments are appreciated. Thanks! > > > Look at oldcmp. It is a utility from Joe Richards. He might know a thing
or two about how AD works. I might suggest that you go to his web site (http://www.joeware.net) and download all of his utilities. Now, the name of the utility is oldcmp. That sounds suspiciously like something for computers. Well, it does handle computer account objects. It can also do user account objects. You just need to change the default filter from computers to users. Also, adfind might help you. I have yet to use that utility (well, if I have it has been awhile!) but a lot of people swear by it. -- Show quoteHide quoteCary W. Shultz Roanoke, VA 24012 "Richard" <rdu***@hotmail.com> wrote in message news:uC4AL4pLGHA.140@TK2MSFTNGP12.phx.gbl... > Hi. Is it possible or is there a utility that will automatically disable > a user account after it has expired. For example, disable the account > after 30 days of expiration. You comments are appreciated. Thanks! > > > I **might** know a thing or two????
Yes oldcmp can be used here, to switch the filter you simply use the -users switch. The name is unfortunate but the initial build of the app was simply to manage old computers. The tool was such a runaway hit that people started asking for it to handle users as well so I hacked it in there. I am actually working on a completely new version called OldOBJ which will be able to handle ANY objects with shortcuts for handling users, computers, contacts, and groups. I intend for it to come in three flavors, OldOBJcli which is command line, OldOBJgui which is GUI, and OldOBJsvc which will be a service. None will be free like oldcmp though as there will be huge improvements in how it does things including being multi-threaded and chasing across all DCs in the domain as needed for info like lastLogon, etc. joe -- Show quoteHide quoteJoe Richards Microsoft MVP Windows Server Directory Services Author of O'Reilly Active Directory Third Edition www.joeware.net ---O'Reilly Active Directory Third Edition now available--- http://www.joeware.net/win/ad3e.htm Cary Shultz wrote: > Look at oldcmp. It is a utility from Joe Richards. He might know a thing > or two about how AD works. I might suggest that you go to his web site > (http://www.joeware.net) and download all of his utilities. > > Now, the name of the utility is oldcmp. That sounds suspiciously like > something for computers. Well, it does handle computer account objects. It > can also do user account objects. You just need to change the default > filter from computers to users. > > Also, adfind might help you. I have yet to use that utility (well, if I > have it has been awhile!) but a lot of people swear by it. > Yes,
Haven't you ever heard that saying? When someone really knows pretty much everything about a topic or subject someone else will say, "Yeah. I might listen to him/her. He/she might know a thing or two about xxxxxxxx". Let us know when OldOBJ is finished. I sure that there will be plenty of people interested. I know I will be! -- Show quoteHide quoteCary W. Shultz Roanoke, VA 24012 "Joe Richards [MVP]" <humorexpr***@hotmail.com> wrote in message news:uWjEPtzLGHA.3276@TK2MSFTNGP09.phx.gbl... >I **might** know a thing or two???? > > Yes oldcmp can be used here, to switch the filter you simply use > the -users switch. The name is unfortunate but the initial build of the > app was simply to manage old computers. The tool was such a runaway hit > that people started asking for it to handle users as well so I hacked it > in there. > > I am actually working on a completely new version called OldOBJ which will > be able to handle ANY objects with shortcuts for handling users, > computers, contacts, and groups. I intend for it to come in three flavors, > OldOBJcli which is command line, OldOBJgui which is GUI, and OldOBJsvc > which will be a service. None will be free like oldcmp though as there > will be huge improvements in how it does things including being > multi-threaded and chasing across all DCs in the domain as needed for info > like lastLogon, etc. > > joe > > > -- > Joe Richards Microsoft MVP Windows Server Directory Services > Author of O'Reilly Active Directory Third Edition > www.joeware.net > > > ---O'Reilly Active Directory Third Edition now available--- > > http://www.joeware.net/win/ad3e.htm > > > > Cary Shultz wrote: >> Look at oldcmp. It is a utility from Joe Richards. He might know a >> thing or two about how AD works. I might suggest that you go to his web >> site (http://www.joeware.net) and download all of his utilities. >> >> Now, the name of the utility is oldcmp. That sounds suspiciously like >> something for computers. Well, it does handle computer account objects. >> It can also do user account objects. You just need to change the default >> filter from computers to users. >> >> Also, adfind might help you. I have yet to use that utility (well, if I >> have it has been awhile!) but a lot of people swear by it. >> Thanks guys! Will definitely try Joe's "oldcmp" tool and check out is
website as well. To answer Al's question, it's hard to indentify in AD which accounts have expired without going through the accounts. AD doesn't give any indicator unless the accounts are disabled. Show quoteHide quote "Cary Shultz" <cwshu***@mvps.org> wrote in message news:%23Esm5C0LGHA.2416@TK2MSFTNGP15.phx.gbl... > Yes, > > Haven't you ever heard that saying? When someone really knows pretty much > everything about a topic or subject someone else will say, "Yeah. I might > listen to him/her. He/she might know a thing or two about xxxxxxxx". > > Let us know when OldOBJ is finished. I sure that there will be plenty of > people interested. I know I will be! > -- > Cary W. Shultz > Roanoke, VA 24012 > "Joe Richards [MVP]" <humorexpr***@hotmail.com> wrote in message > news:uWjEPtzLGHA.3276@TK2MSFTNGP09.phx.gbl... >>I **might** know a thing or two???? >> >> Yes oldcmp can be used here, to switch the filter you simply use >> the -users switch. The name is unfortunate but the initial build of the >> app was simply to manage old computers. The tool was such a runaway hit >> that people started asking for it to handle users as well so I hacked it >> in there. >> >> I am actually working on a completely new version called OldOBJ which >> will be able to handle ANY objects with shortcuts for handling users, >> computers, contacts, and groups. I intend for it to come in three >> flavors, OldOBJcli which is command line, OldOBJgui which is GUI, and >> OldOBJsvc which will be a service. None will be free like oldcmp though >> as there will be huge improvements in how it does things including being >> multi-threaded and chasing across all DCs in the domain as needed for >> info like lastLogon, etc. >> >> joe >> >> >> -- >> Joe Richards Microsoft MVP Windows Server Directory Services >> Author of O'Reilly Active Directory Third Edition >> www.joeware.net >> >> >> ---O'Reilly Active Directory Third Edition now available--- >> >> http://www.joeware.net/win/ad3e.htm >> >> >> >> Cary Shultz wrote: >>> Look at oldcmp. It is a utility from Joe Richards. He might know a >>> thing or two about how AD works. I might suggest that you go to his web >>> site (http://www.joeware.net) and download all of his utilities. >>> >>> Now, the name of the utility is oldcmp. That sounds suspiciously like >>> something for computers. Well, it does handle computer account objects. >>> It can also do user account objects. You just need to change the >>> default filter from computers to users. >>> >>> Also, adfind might help you. I have yet to use that utility (well, if I >>> have it has been awhile!) but a lot of people swear by it. >>> > > FYI:
http://www.joeware.net/win/free/tools/findexpacc.htm http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_msds_user_account_control_computed.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/user_object_user_interface_mapping.asp http://www.rallenhome.com/books/adcookbook/src/06.26-find_users_about_to_expire.pls.txt In case it helps. Al Show quoteHide quote "richard" <rdu***@hotmail.com> wrote in message news:eejgkySMGHA.2316@TK2MSFTNGP11.phx.gbl... > Thanks guys! Will definitely try Joe's "oldcmp" tool and check out is > website as well. To answer Al's question, it's hard to indentify in AD > which accounts have expired without going through the accounts. AD > doesn't give any indicator unless the accounts are disabled. > > > > > "Cary Shultz" <cwshu***@mvps.org> wrote in message > news:%23Esm5C0LGHA.2416@TK2MSFTNGP15.phx.gbl... >> Yes, >> >> Haven't you ever heard that saying? When someone really knows pretty >> much everything about a topic or subject someone else will say, "Yeah. I >> might listen to him/her. He/she might know a thing or two about >> xxxxxxxx". >> >> Let us know when OldOBJ is finished. I sure that there will be plenty of >> people interested. I know I will be! >> -- >> Cary W. Shultz >> Roanoke, VA 24012 >> "Joe Richards [MVP]" <humorexpr***@hotmail.com> wrote in message >> news:uWjEPtzLGHA.3276@TK2MSFTNGP09.phx.gbl... >>>I **might** know a thing or two???? >>> >>> Yes oldcmp can be used here, to switch the filter you simply use >>> the -users switch. The name is unfortunate but the initial build of the >>> app was simply to manage old computers. The tool was such a runaway hit >>> that people started asking for it to handle users as well so I hacked it >>> in there. >>> >>> I am actually working on a completely new version called OldOBJ which >>> will be able to handle ANY objects with shortcuts for handling users, >>> computers, contacts, and groups. I intend for it to come in three >>> flavors, OldOBJcli which is command line, OldOBJgui which is GUI, and >>> OldOBJsvc which will be a service. None will be free like oldcmp though >>> as there will be huge improvements in how it does things including being >>> multi-threaded and chasing across all DCs in the domain as needed for >>> info like lastLogon, etc. >>> >>> joe >>> >>> >>> -- >>> Joe Richards Microsoft MVP Windows Server Directory Services >>> Author of O'Reilly Active Directory Third Edition >>> www.joeware.net >>> >>> >>> ---O'Reilly Active Directory Third Edition now available--- >>> >>> http://www.joeware.net/win/ad3e.htm >>> >>> >>> >>> Cary Shultz wrote: >>>> Look at oldcmp. It is a utility from Joe Richards. He might know a >>>> thing or two about how AD works. I might suggest that you go to his >>>> web site (http://www.joeware.net) and download all of his utilities. >>>> >>>> Now, the name of the utility is oldcmp. That sounds suspiciously like >>>> something for computers. Well, it does handle computer account >>>> objects. It can also do user account objects. You just need to change >>>> the default filter from computers to users. >>>> >>>> Also, adfind might help you. I have yet to use that utility (well, if >>>> I have it has been awhile!) but a lot of people swear by it. >>>> >> >> > > Check out http://pbbergs.dynu.com/windows/downloads.htm
Download the script Active Directory User Account Attributes Download. You should be able to easily include the expired user accounts. We sue it to help with SOX. We can detail user account creation and deletion as well as last logon and password requirements. -- Show quoteHide quotePaul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Richard" <rdu***@hotmail.com> wrote in message news:uC4AL4pLGHA.140@TK2MSFTNGP12.phx.gbl... > Hi. Is it possible or is there a utility that will automatically disable > a user account after it has expired. For example, disable the account > after 30 days of expiration. You comments are appreciated. Thanks! > > > 
Other interesting topics
Adding Windows Server 2003 R2 machine to existing W2k3AD
How to exclude ADAM user from AD domain lockout policy?? Domain Controllers not talking to each other How to restore Domain Controllers that have been down for a long t restore a windows 2000 domain controller CSVDE export fields ordering Error in Accessing Primary Domain Controller from Backup Domain Controller Simple Questions... Replace Primary DC with new 2003 Server Issue DHCP IP's only to computers in AD? |
|||||||||||||||||||||||
