Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Script to Disable User accounts in AD

Posted on 2011-09-08
6
Medium Priority
?
800 Views
Last Modified: 2012-05-12
looking for a Script to Disable the user accounts listed in a text file and then create a schedule task on the server to delete the same accounts on 30th day from disabling date.
0
Comment
Question by:getazhar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 36502472
Since you have 2003 I would recommend downloading the Quest AD CMDLETS.

Foreach ($user in (Get-content c:\temp\users.txt)){
get-qaduser $user | Disable-qaduser}
0
 

Author Comment

by:getazhar
ID: 36502484
Thanks for your response Ken..

Disabling part is fine with that.. how about deletion of same user account after 30 days ?

~Ameer
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 1500 total points
ID: 36502673
The easiest way would be to add the date the account was disabled to an AD attribute.

So something like this may work for you

Foreach ($user in (Get-content c:\temp\users.txt)){
get-qaduser $user | set-qaduser -description (get-date -f MM/dd/yyy) | Disable-qaduser}


Then to delete

get-qaduser |  Where {(get-date $($_.description)) -le ((get-date).adddays(-30))} | remove-qadobject


These have not been tested so please test before running in any prod environment.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 26

Expert Comment

by:MidnightOne
ID: 36503913
I would highly recommend NOT auto-deleting accounts in AD if only because of the loss of data access this can cause. Auto-disable, sure.
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 36526488
Some things to consider:

OLDCMP utility from JoeWare.net can make your scripting/process easier.

Moving disabled accounts to a specific OU can help easily determine how long after the account was disabled and moved to your "disabled Users" OU.  There is no real way to determine how long an account has been disabled.  You delete the account if the "whenChanged" is 30 days after it's moved to the new OU.

Accounts that have never been used may be be included, be sure to watch out for those.
0
 

Author Closing Comment

by:getazhar
ID: 36527348
Powershell script provided needs to be tested. anyways, thanks for your efforts.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question