A few years back I wrote a program called "Purge Walker" which did that. It ran as a Windows service and let you specify how "old" an account was before it was disabled. It determined this by using the last password set date and if the password was expired by more than xx days, the account was moved to a "Purge OU" for holding. We had another service that ran on just the Purge OU and deleted accounts after they had been in there for 90 days.
The process had a few safety features in to keep things recoverable if needed. For example, before an account was moved to the Purge OU, the properties for that account were dumped out to a SQL table to make for easy programmatic restore (I even had a program called Lazarus that handled that) of a "Purged" account if the person had extreme circumstances. That whole program was 3 years ago at a previous employer...otherwise I'd post the program link here...but to answer your question, yes it is possible to successfully automate the process of disabling inactive accounts. Regards, Lou -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra Sent: Friday, November 18, 2005 9:27 AM To: [email protected] Subject: Re: [ActiveDir] Disable inactive accounts I have Win2k3 servers with latest updates. i have no worry about that. Yes offcourse i will exclude service accounts and my external users from such list. i have some such clients too. But the thing is that how can i do this? Is there anyone who has succesfully automated the process of disabling inactive accounts. can any one help with that. Thanks RD List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
