Solved

Policy to expire accounts on certain date or disable

Posted on 2008-06-26
Last Modified: 2013-12-04
Hi,

I have an OU. I would like any account created in this OU to expire 6 months after the creation date, or to disable the account after six months if this is the only option.

Where can I set this in the GPO? If anyone knows, please tell me, to save me searching for something that may not even be there.

Many thanks in advance.
Question by:2326ac
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 168 total points
ID: 21872486
Hi!

Unfortunately, the expiration date for a user account cannot be set with a GPO, AFAIK.

Toni
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 166 total points
ID: 21872977
I agree with Toniur:

But, there may be an alternative:

In ADUC>>navigate to the user account>>right click the user account and select properties>>go to the account tab.
At the bottom you can have this account expire at any time you desire.
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 166 total points
ID: 21873635
You need to set the expiry either manually in the account properties or through a script.

It is not possible to do what you want through a native GPO, but it can be done by creating an administrative template for doing the configuration through GPOs and creating a scheduled task on a DC that runs a script to force the expiration for the users affected by the GPO with the administrative template.
 

Author Comment

by:2326ac
ID: 21876020
Do you know of a script to do this (a sample), or can anyone help point me in the right direction? Thank you all for your help so far.
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21879899
There are some good script writers in EE. I just happen to not be one of them.
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21880286
The simplest way to solve the problem with automatic expiry is to use a CMD script with the ds-commands from adminpak.msi.
Note that the OUBASE variable needs to escape , and = with ^ (^, ^=).
Add a scheduled task to run the script, for example once a day.
To use parameters instead of editing the script for future configuration, replace the values for the SET lines with %~1 (first parameter, ~ allows spaces inside ""), %2 (second parameter).

To handle the configuration through AD (GPO or OU properties), the script needs to be rewritten in a better scripting language (for example VB or KiX) instead of using CMD scripting. My earlier thought about GPO will not work if trying to apply a GPO on a specific OU with users, but can be used like the account policies on domain level and point out what OU shall be managed through the script.
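
@ECHO OFF
REM OU to manage; , and = are escaped with ^ as noted above.
SET OUBASE="OU^=OU-child^,OU^=OU-parent^,DC^=domain^,DC^=com"
REM Number of days from the day the script runs until the account expires.
SET EXPIREDAYS=180
REM List samid and acctexpires for every user under the OU.
for /F "tokens=1,2" %%a in ('dsquery user "%OUBASE%"^|dsget user -samid -acctexpires') do (
  REM Only change accounts that are currently set to never expire.
  if "%%b" == "never" (
    dsquery user -samid %%a|dsmod user -acctexpires "%EXPIREDAYS%"
  )
)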

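An added example, not part of the thread or any poster's script: a PowerShell version that sets the expiry to six months after each account's creation date, as the question asked, rather than 180 days after the script runs. It assumes the ActiveDirectory module (RSAT) is installed; the OU path is the placeholder from the CMD script above, and the parameter names and the `-Apply` switch are this example's own.

```powershell
#Requires -Modules ActiveDirectory
# Added example: expire accounts in one OU at (whenCreated + N months).
# Intended to run as a daily scheduled task under an account delegated
# write access to accountExpires on that OU only (least privilege).
param(
    # Placeholder DN from the CMD script above; replace with the real OU.
    [string]$SearchBase = 'OU=OU-child,OU=OU-parent,DC=domain,DC=com',
    [int]$Months = 6,
    # Hypothetical switch for this example: without it nothing is changed.
    [switch]$Apply
)

$now   = Get-Date
$users = Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree `
             -Properties whenCreated, AccountExpirationDate

foreach ($u in $users) {
    # AccountExpirationDate is $null when the account is set to never expire.
    # Accounts that already carry an expiry date are left alone.
    if ($null -ne $u.AccountExpirationDate) { continue }

    $expiry = $u.whenCreated.AddMonths($Months)

    # -WhatIf:$true makes the cmdlet report the change without writing it.
    Set-ADAccountExpiration -Identity $u.DistinguishedName `
        -DateTime $expiry -WhatIf:(-not $Apply)

    # One record per touched account, for the task's log or an audit trail.
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Created        = $u.whenCreated
        NewExpiry      = $expiry
        # Accounts older than $Months get an expiry in the past and are
        # refused at their next logon, so review these before using -Apply.
        ExpiresAtOnce  = ($expiry -le $now)
        Applied        = [bool]$Apply
    }
}
```

Run it once without `-Apply` and check the `ExpiresAtOnce` column: service or shared accounts created in the OU long ago would be cut off on the first real run.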
 
LVL 10

Expert Comment

by:pand0ra_usa
ID: 22141313