Still, there is nothing "automatic" natively in the OS to let him do this.
Policy or no policy, he is looking at external intervention - third-party or
a roll-your-own. Rolling his own may be burdensome because now he has to
account for the number of ways an account can be active without necessarily
logging in. Looking at lastLogon or lastLogonTimestamp is insufficient.
Sincerely,
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of Al Mulnick
Sent: Wed 4/19/2006 1:13 PM
To: [email protected]
Subject: Re: [ActiveDir] automatic account disable
LOL. You're right, it is often advisable to disable first. I got caught up
in the moment ;)
Myke, there was a long conversation about such things a few months ago. You
might want to search the archives to see what was said and see if you agree
about what it says and suggests.
An additional point to consider: start with policy as Neil suggests. If you
have a policy that says to disable accounts and then delete later, or delete
based on disuse, enforcement is pretty much an easy thing to do. Without the
policy first, it can be a difficult train to ride.
-ajm
On 4/19/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Would you not disable the account instead of locking it?
A locked account may be unlocked in time (depends upon policy),
whereas a disabled account needs admin intervention.
my 2 penneth,
neil
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: 19 April 2006 15:52
To: [email protected]
Subject: Re: [ActiveDir] automatic account disable
It's possible. What are your criteria?
DSQUERY, DSMOD are two tools that are touted as being able to do this
pretty easily. Joeware tools are better (http://www.joeware.net) for this
task IMHO. Scripts, etc. can also be used successfully.
Al
On 4/19/06, Myke <[EMAIL PROTECTED]> wrote:
Hi guys,
Is it possible to make an automatic lockout in user accounts by
inactivity, or do I need a third-party tool?
Thanks
Myke
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
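
An added example, not part of the thread: one roll-your-own pass in PowerShell that reports enabled accounts that look inactive and then disables rather than deletes them, as the replies advise. It assumes the ActiveDirectory RSAT module; the 90-day threshold, the exclusion group DN and the CSV path are placeholders, and lastLogonTimestamp is treated as only one signal (combined with pwdLastSet and an exclusion list) because an account can be in use without logging on.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$InactiveDays = 90   # assumed policy threshold
$Slack        = 14   # lastLogonTimestamp replicates lazily and can lag by up to ~14 days
$ExcludeGroup = 'CN=NoAutoDisable,OU=Groups,DC=example,DC=com'   # hypothetical group DN

$cutoff   = (Get-Date).ToUniversalTime().AddDays(-($InactiveDays + $Slack))
$cutoffFt = $cutoff.ToFileTimeUtc()                   # for FILETIME attributes
$cutoffGt = $cutoff.ToString('yyyyMMddHHmmss.0Z')     # for whenCreated (GeneralizedTime)

# Enabled users, created before the cutoff, with an old or absent lastLogonTimestamp.
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
          "(whenCreated<=$cutoffGt)" +
          "(|(lastLogonTimestamp<=$cutoffFt)(!(lastLogonTimestamp=*))))"

$candidates = Get-ADUser -LDAPFilter $filter `
                  -Properties lastLogonTimestamp, pwdLastSet, memberOf |
    Where-Object {
        # Skip accounts that are exempt (service accounts, mail-only users, ...)
        ($_.memberOf -notcontains $ExcludeGroup) -and
        # A recent password change counts as activity even without a logon.
        ($_.pwdLastSet -le $cutoffFt)
    }

# Report first, so the list can be reviewed against policy before anything changes.
$candidates |
    Select-Object SamAccountName, DistinguishedName,
        @{ n = 'LastLogonTimestampUtc'; e = {
            if ($_.lastLogonTimestamp) { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } },
        @{ n = 'PwdLastSetUtc'; e = { [DateTime]::FromFileTimeUtc($_.pwdLastSet) } } |
    Export-Csv -NoTypeInformation -Path .\inactive-candidates.csv

# Disable, do not delete. -WhatIf makes this a dry run; remove it to apply.
# Note: this overwrites any existing description on the account.
foreach ($u in $candidates) {
    $note = "Auto-disabled $(Get-Date -Format yyyy-MM-dd): inactive > $InactiveDays days"
    Set-ADUser -Identity $u -Description $note -WhatIf
    Disable-ADAccount -Identity $u -WhatIf
}
```

A disabled account stays disabled until an administrator re-enables it, so the CSV doubles as the record for the later delete-or-restore decision.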