Link to home
Start Free TrialLog in
Avatar of acreeit
acreeitFlag for United States of America

asked on

I need a GP for moving diabled users to a predefined "Disable User" OU

Windows 2003 AD
We are a service provider - 80% of our user community is in the field
our attrition rate is high -
I need a group policy to migrate disabled users from one OU to a disabled user OU when the user is terminated.
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

It would have to be a script rather than policy, but that's not a big problem.

How do you define / locate terminated users within AD?

Chris
Avatar of Henrik Johansson
Henrik Johansson
Flag of Sweden image
As Chris said, you nead to script it.
One way is to use dsquery and dsmove from adminpak.msi
for /F %a in ('dsquery user OU=old-ou,DC=domain,DC=com -disabled') do @dsmove %a -newparent OU=disabled-users,DC=domain,DC=com
Avatar of Paka
Paka
How about piping the result:
dsquery user -disabled -limit 0 | dsmove user -newparent "ou=disabled, dc=mydomain, dc=com"
(where | is shift-\)  This will move all disabled users in all OUs in your domain to an the disabled OU.  

If you want to preview the accounts that would move:
dsquery user -disabled -limit 0 > disabledusers.txt

If you want to move just 10 accounts (as a test):
dsquery user -disabled -limit 10 | dsmove user -newparent "ou=disabled, dc=mydomain, dc=com"
Avatar of acreeit
acreeit
Flag of United States of America image

ASKER

Can this be automated so that once the Helpdesk disabled the account it is automatically moved to diabled OU?
HOW do I do this?
ASKER CERTIFIED SOLUTION
Avatar of Henrik Johansson
Henrik Johansson
Flag of Sweden image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of acreeit
acreeit
Flag of United States of America image

ASKER

Thank you willl test