Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Policy to expire accounts on certain date or disable

Posted on 2008-06-26
9
Medium Priority
?
914 Views
Last Modified: 2013-12-04
Hi,

I have a OU.  I would like any account created in this OU to expire 6 months after the creation date or disable the account after six months if this is the only option.

Where I can this in the GPO, if any knows please tell me to save me searching for something that may not even be there.

Many thnanks in advance.
0
Comment
Question by:2326ac
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 672 total points
ID: 21872486
Hi!

Unfortunately expiration date for user account can not be set with GPO, AFAIK.

Toni
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 664 total points
ID: 21872977
I agree with Toniur:

But, there may be an alternative:

In ADUC>>navigate to the user account>>right click the user account and select properties>>go to the account tab.
At the bottom you can have this account expire at any time you desire.
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 664 total points
ID: 21873635
You nead to either set the expire manual in accout properties or through a script.

Not possibly to do what you want through native GPO, but can be done by creating an administrative template for doing the configuration through GPOs and create a schedule task on a DC that runs a script to force the expiration for the users affected by the GPO with the administrative template.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:2326ac
ID: 21876020
Do you know of a script to do this (a sample) or can anyone help point me in the right direction.  Thank you all for your help so far,
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21879899
There are some good script writers in EE. I just happen to not be one of them.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21880286
The simpliest way to solve the problem with automatic expire is to use a CMD-script with the ds-commands from adminpak.msi
Note that the OUBASE-variable nead to escape , and = with ^ (^, ^=).
Add a schedule task to run the script for example once a day.
To use parameters instead of editing the script for future configuration, replace the values for the SET-lines with %~1 (first parameter, ~ allows spaces inside ""), %2 (second parameter)

To handle the configuration through AD (GPO or OU-properties), the script neads to be rewritten in a better scripting language (for example VB or KiX) instead of using CMD-scripting. My earlier thaught about GPO will not work if trying to apply a GPO on a specific OU with users, but can be used like the account policies on domain level and point out what OU shall be managed through the script.
@ECHO OFF
SET OUBASE="OU^=OU-child^,OU^=OU-parent^,DC^=domain^,DC^=com"
SET EXPIREDAYS=180
for /F "tokens=1,2" %%a in ('dsquery user "OUBASE%"^|dsget user -samid -acctexpires^) do (
  if "%%b" == "never" (
    dsquery user -samid %%a|dsmod user -acctexpires "%EXPIREDAYS%"
  )
)

Open in new window

0
 
LVL 10

Expert Comment

by:pand0ra_usa
ID: 22141313
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question