how to set autodisable for expired account


felix

Hi,

Does anyone know how to find expired users in AD? Or better, is
there any automated task to find expired accounts and
disable them?

regards
Felix
 
Felix,

What do you mean by 'expired'?

I believe that you can look at something called AD Janitor (
http://www.adjanitor.com ) for this. I believe also that Joe has a utility
on his web site that will do this for you. You could spin over to
http://www.joeware.net and look at his free Win32 C++ utilities. Also, I
believe that Matjaz has a utility on his web site at http://www.ladava.com
( click on the utilities link in the upper left corner! ).

HTH,

Cary
 
True, oldcmp, albeit not intuitively, could be used for this... You would have to
use a custom filter like "&(objectcategory=person)(samaccountname=*)" and set
the password age to the value you want, say the password expiration policy is 91
days you could use say 120 or 100 days for the password age option...

Man that thing is flexible... :oP


joe
 
<snip>
Account expiration results in the account being automatically disabled
so you don't have to tweak anything. As for finding expired accounts,
try "Find" in ADUC, "Common queries" and there you should have a
checkbox to list only "Disabled accounts". If not (I'm viewing this on
Win2K3), do an LDAP search for userAccountControl=514 :
http://support.microsoft.com/default.aspx?kbid=305144

Or, do it with a script:
http://www.microsoft.com/technet/community/scriptcenter/user/scrug108.mspx

HTH
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
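
Added example, not code from any poster in this thread: userAccountControl is a bit field and the expiry date is stored separately in accountExpires, so this Python sketch decodes both and lists accounts that are past their expiry date but still enabled, then builds the matching LDAP filter. The sample records, the fixed date and the helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

ACCOUNTDISABLE = 0x0002            # userAccountControl bit: account is disabled
NEVER = (0, 0x7FFFFFFFFFFFFFFF)    # accountExpires values meaning "never expires"
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
BIT_AND = "1.2.840.113556.1.4.803" # LDAP bitwise-AND matching rule OID


def to_filetime(dt):
    """datetime -> 100-nanosecond intervals since 1601-01-01 UTC."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10


def is_disabled(uac):
    return bool(uac & ACCOUNTDISABLE)


def is_expired(account_expires, now):
    return account_expires not in NEVER and account_expires <= to_filetime(now)


def expired_but_enabled(records, now):
    """Names of accounts past accountExpires whose disable bit is not set."""
    return [r["sAMAccountName"] for r in records
            if is_expired(r["accountExpires"], now)
            and not is_disabled(r["userAccountControl"])]


def ldap_filter(now):
    """Server-side equivalent of expired_but_enabled()."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(accountExpires>=1)(accountExpires<={to_filetime(now)})"
            f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE})))")


# Constructed sample records (not from the thread).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
PAST = to_filetime(NOW - timedelta(days=30))
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": 512,   "accountExpires": PAST},
    {"sAMAccountName": "bob",   "userAccountControl": 514,   "accountExpires": 0},
    {"sAMAccountName": "carol", "userAccountControl": 66050, "accountExpires": NEVER[1]},
    {"sAMAccountName": "dave",  "userAccountControl": 514,   "accountExpires": PAST},
]

if __name__ == "__main__":
    print(expired_but_enabled(SAMPLE, NOW))
    print(ldap_filter(NOW))
```

In the sample, an equality match on 514 returns bob and dave but not carol (66050, disabled with the password-never-expires bit also set), which is why the filter tests the disable bit instead of the whole value.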
 