Link to home
Start Free TrialLog in
Avatar of dakinegeek
dakinegeek

asked on

Disable User account using GPO

Is there a way to automatically (through GPO) disable user accounts on Windows 2003 after 30 days of non-use?
ASKER CERTIFIED SOLUTION
Avatar of jss1199
jss1199

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This is quiet a bit simplier if you dont mind installing the FREE Quest CMDLets from www.quest.com/powershell.

NOTE: removed -whatif to "REALLY" disable users.


Add-PSSnapin Quest.ActiveRoles.ADManagement -ea 0
$LastLogonTime = ([System.DateTime]::Now).AddMonths(-1).ToFileTime()
$filter = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastLogonTimeStamp<=$LastLogonTime))"
Get-QADUser -LdapFilter $filter -pagesize 0 | Disable-User -whatif

Open in new window

SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial