Auto Disable passwords?

Auto Disable passwords?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Auto Disable passwords? petersont 08-14-2006
Posted by =?Utf-8?B?cGV0ZXJzb250?= on August 14, 2006, 6:30 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Is there a way to have network accounts be automatically disabled after 30
days of non use? I currently have Windows 2000 Active Directory. We will be
upgrading to Windows 2003 later this year but we need to put this in place
currently.

Thanks for your help.
TP

Posted by Roger Abell [MVP] on August 15, 2006, 12:33 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> Is there a way to have network accounts be automatically disabled after 30
> days of non use? I currently have Windows 2000 Active Directory. We will
> be
> upgrading to Windows 2003 later this year but we need to put this in place
> currently.
>
> Thanks for your help.
> TP

This is not a capability buiilt-in with Windows, but would not be too
difficult to script and set as a task run nightly. The trick is in getting
accurate last logon information, which IIRC requires checking all
DCs of an account's domain.



Posted by Joe Richards [MVP] on August 15, 2006, 8:55 am
If you were  Registered and logged in, you could reply and use other advanced thread options
You can check out http://www.joeware.net/win/free/tools/oldcmp.htm, it
might help you out. Despite the name it will handle users or computers.
There have been some writeups in Windows IT Pro on how to script it plus
I think some folks have also posted stuff on the internet as well that
will run it daily and email the reports, etc.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


petersont wrote:
> Is there a way to have network accounts be automatically disabled after 30
> days of non use? I currently have Windows 2000 Active Directory. We will be
> upgrading to Windows 2003 later this year but we need to put this in place
> currently.
>
> Thanks for your help.
> TP

Posted by Miha Pihler [MVP] on August 15, 2006, 9:37 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

On Windows Server 2003 you can use following command

dsquery user -inactive 5 | dsmod user -disabled yes

First part of the query looks for users that have been inactive for 5 weeks
and the output is handed off to another command called dsmod that modifies
that account and disables it.

I hope this helps you out once you upgrade to Windows Server 2003.

--
Mike
Microsoft MVP - Windows Security

> Is there a way to have network accounts be automatically disabled after 30
> days of non use? I currently have Windows 2000 Active Directory. We will
> be
> upgrading to Windows 2003 later this year but we need to put this in place
> currently.
>
> Thanks for your help.
> TP



Similar ThreadsPosted
How to Disable Auto Email Preview? June 29, 2005, 3:11 pm
auto complete February 6, 2006, 7:25 am
how to avoid auto sign in August 22, 2005, 12:31 pm
auto update baloon January 1, 2006, 7:11 pm
Auto log in with basic authentication July 27, 2007, 11:07 am
Auto downloads and installs -- ? March 9, 2008, 3:07 am
auto protect disabled September 8, 2008, 3:52 pm
email blocking/auto update August 27, 2005, 3:53 am
Auto complete will not work on XP Pro Tablet PC February 6, 2006, 7:19 am
Multiple CAs& user auto enrollment June 12, 2006, 4:39 pm

The site map in XML format XML site map

Contact Us | Privacy Policy