automatically disable unused user account

Sudeep Batra

Can someone suggest how to automatically disable unused user accounts after,
say, 3 months?
We have a Microsoft AD and Exchange setup, in which some users do not use
their mailbox stores for a long time; as a result the mailbox gets full and
unnecessary space is consumed on the server.
Now I need a way to automatically disable these user accounts which are not
utilized for over 3 months.

Regards,

Sudeep
 
Simon Geary

If you have a 2003 domain you can schedule this command to run every 3
months. This probably won't work with Windows 2000 domains as the lastlogon
attribute is not replicated to all DCs.

dsquery user domainroot -inactive 12|dsmod user -disabled yes
 
Joe Richards [MVP]

That relies on lastLogonTimeStamp which is only available in K3 Domain
Functional Mode.

Also note, any account that has never logged on will not be flagged by this due
to how the query is written/processed for -inactive.

A solution that will work in 2K and K3, assuming there is a password policy, is to
look at the password last set attribute, which is pwdLastSet. Unfortunately, most
people set their policy to about 90-91 days so you wouldn't know that the
account was unused until some time after that and the user still hasn't changed
their password. If this is acceptable you could use a tool on my website called
oldcmp to do this work. The name says oldcmp (old computers) but the tool is
flexible enough to handle user objects as well. Simply change the filter via the
-f parameter to be "&(objectcategory=person)(objectclass=user)" and specify the
proper age, say 120 days.

Another, possibly better, solution, but one that will require fairly robust scripting
knowledge, would be to look at the last logon time stamp on the store for the
mailboxes. Unfortunately though, if someone even looks at the calendar of the
mailbox it will register as a logon to that mailbox. However, if you have a
mailbox that hasn't been touched in 90 days at all, you have a good candidate.

Finally, disabling the accounts will not free the space. You actually have to
delete the mailbox and then purge it.

joe
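
The caveats raised in this thread (the dependency on lastLogonTimestamp, accounts that have never logged on, and pwdLastSet as a second signal) combined into one report, as an added example that is not part of any post above. It assumes the ActiveDirectory PowerShell module, which postdates the tools named in the thread; the 90-day threshold and the CSV file name are also assumptions.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and a domain at Windows Server 2003 functional level or later, where
# lastLogonTimestamp is replicated between DCs.
Import-Module ActiveDirectory

$days     = 90                            # assumed threshold ("say 3 months")
$cutoff   = (Get-Date).AddDays(-$days)
$cutoffFt = $cutoff.ToFileTimeUtc()       # AD stores these attributes as FILETIME integers

# Enabled user accounts whose lastLogonTimestamp is older than the cutoff
# OR is missing entirely (never logged on), the case that -inactive skips.
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
          "(|(lastLogonTimestamp<=$cutoffFt)(!(lastLogonTimestamp=*))))"

$stale = Get-ADUser -LDAPFilter $filter -Properties lastLogonTimestamp, pwdLastSet, whenCreated |
    # Skip accounts created inside the window: "never logged on" is expected for them.
    Where-Object { $_.whenCreated -lt $cutoff } |
    Select-Object SamAccountName, DistinguishedName, whenCreated,
        @{ n = 'LastLogon';  e = { if ($_.lastLogonTimestamp) { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } },
        @{ n = 'PwdLastSet'; e = { if ($_.pwdLastSet)         { [DateTime]::FromFileTimeUtc($_.pwdLastSet) } } }

# lastLogonTimestamp can lag the real logon by up to about 14 days by design,
# so the report is written out for review before anything is changed.
$stale | Export-Csv -NoTypeInformation -Path .\stale-users.csv

# -WhatIf lists the accounts that would be disabled without modifying them;
# remove it only after service and break-glass accounts have been excluded.
$stale | ForEach-Object { Disable-ADAccount -Identity $_.DistinguishedName -WhatIf }
```

The PwdLastSet column gives reviewers the second signal described above: an account with both an old logon timestamp and a password older than the policy age is a stronger candidate than either alone.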
 
