What do you mean you can't query on lastLogonTimeStamp in oldcmp?
wow! totally missed that switch. again, AFAIK oldcmp *will* give you the llts *and* you can query directly on that.
If you use the -llts option (I'll let you guess what that stands for) it uses lastLogonTimeStamp for the aging instead of pwdLastSet.
joe
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler Sent: Tuesday, February 22, 2005 4:47 PM To: [email protected] Subject: Re: [ActiveDir] Disabling Inactive Users
AFAIK oldcmp will give you the lastLogonTimestamp (if you are w2k3 functional) but you can't query directly on that. the -age switch looks at pwdLastSet (it's possible that a user has not changed their password in +90 days but they login everyday - therefore they are not "inactive").
a manual method one could try is (watch wrap):
adfind.exe -b dc=domain,dc=edu -f "&(objectcategory=person)(samaccountname=*)" -tdc lastLogon userPrincipalName -sort lastLogon >c:\inactive.log
Then pass it through joe's perl csv converter. Then massage.
Finally:
disable using your fav method (dsmod comes to mind).
see joeware.net for adfind
Jorge de Almeida Pinto wrote:
HI,
Try the following: http://www.joeware.net/win/free/tools/oldcmp.htm.
I think it's not possible to use a GPO to do this. You could however create a batch file using OLDCMP and schedule it to run each day/week or whenever you want it
Jorge
-----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 2/22/2005 9:56 PM Subject: [ActiveDir] Disabling Inactive Users
Is there a GPO setting (or some other path) to disable inactive users after a specified period of time? In other words, I'd like to automatically disable Joe User if he has not logged on in more than 90 days.
Thanks, James R. Rogers
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
