My thoughts? Thanks for posting it. That's very kind of you. Very useful as well.
If I were to make or suggest modifications, I would suggest that you add a logging feature, especially for the groups you are removing. I would also suggest that you make it accept either command line or text file input specifying the user vs. doing that to an entire OU. Or maybe all three as that likely works where you are? You could also rely on the mailstore being disconnected from the user object for X days (as set in your environment) and reanimation of the user object should it be needed as part of the process. That effectively gives you X days for Exchange mail data prior to cleanup, and up to currently 180 days for the AD user object. You would of course have to ensure that the necessary information for your environment was kept somehwere or modify the AD so that it keeps it so you can put that data back correctly. I'm a fan of keeping that data in off-line text file format but I'm sure there are other opinions as well. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, Scott Sent: Wednesday, August 10, 2005 4:05 PM To: [email protected] Subject: [ActiveDir] Effectively Disable Accounts I've written a script that we use instead of disabling accounts when people leave. It prevents the account from being used, but also eliminates some errors we had with Exchange when we had a bunch of mailboxes tied to disabled accounts. Here it is, if anyone's interested. Thoughts? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
