Well... it really isn't a script, it is more like a single line:
C:\>For /F %I in ('dsquery user -inactive 2 -limit 1000') do dsrm
%I -noprompt
dsquery and dsrm are part of the DS command set used to manage Active
Directory in Windows 2003. You can install the command set on a Windows XP
workstaiton if you like by running the AdminPAK.msi from the Windows 2003
CD.
The command above uses the DSQUERY to search for users you have been
inactive for the last 2 weeks ( "-inactive 2" ). The listing defaults to
100, but if you put the "-limit 1000" the list can be as long as 1000. The
result is the building of a list of DSN's that are funneled to the DSRM, DS
ReMove Object. The "-noprompt" prevents the prompting of "Are you sure?"
for each deletion. To run DSQUERY you only need Domain User rights. To run
the DSRM you will need Domain Administrator privleges.
Two weeks is not a long time - a person on vacation could be gone two weeks.
Make sure that is the time period you want, because once the account is gone
only a restore will bring it back.
Paul Hinsberg, MCSE
