Hello,
If you're looking for a 3rd party solution take a look at DSRAZOR for
Windows. It is not free, but it is very easy to use. It is set up for user
searches right out of the box.
As you may know, Active Directory does not replication the lastLogon
attribute. If you have 3 Domain Controllers and you asked each of those
three DCs the last time a user logged on, you might get three different
responses. You can use various scripts or software to run the queries to
each DC and make the comparison for you... thats what Joe's tool, and
DSRAZOR, does.
When you run DSRAZOR to find these old users you can right-click to generate
a report, or you can select all the users found and press a button to do
something to those accounts. This means that once the search finishes, you
could highlight them all, disable them, and moved them to a disabled user's
OU. Or you could simply delete them. This makes the cleanup job very easy.
Everything is also logged so you have a record of what changes you've made.
You can also automate the applet to run on a scheduled basis to regularly
keep your inactive users cleaned up. Customers tell us that their auditors
really like to see that.
I realize that the other solutions offered in this thread are free and a
perfect fit for many people, but if you want something that is easier to use
and backed by a company that offers free support to customers, then consider
DSRAZOR as an option.
I hope this is helpful to someone.