+1 except my disable script sets the AccountExpirationDate to the date they're disabled.
From: Cameron [mailto:[email protected]] Sent: Monday, November 14, 2011 10:55 AM To: NT System Admin Issues Subject: Re: Disabling but not deleting AD accounts unil Jan 1 I just move them into a "Disabled User" OU and put in the description of the account the date disabled. On Mon, Nov 14, 2011 at 11:48 AM, David Lum <[email protected]<mailto:[email protected]>> wrote: I have our internal auditor asking if we can keep disabled AD accounts around for a calendar year and ditch them on Jan 1 of each year. The reason is she can pull reports from AD regarding security audit information, etc. My kneejerk to me is to kill 'em, but having them disabled in their own OU (I kind of feel like they should be in a non-delegated OU too) doesn't give me that big of a heartache. Anyone care to share their opinion? David Lum Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) 503.267.9764<tel:503.267.9764> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
