Script to Disable User accounts in AD
looking for a Script to Disable the user accounts listed in a text file and then create a schedule task on the server to delete the same accounts on 30th day from disabling date.
ASKER
Thanks for your response Ken..
Disabling part is fine with that.. how about deletion of same user account after 30 days ?
~Ameer
Disabling part is fine with that.. how about deletion of same user account after 30 days ?
~Ameer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would highly recommend NOT auto-deleting accounts in AD if only because of the loss of data access this can cause. Auto-disable, sure.
Some things to consider:
OLDCMP utility from JoeWare.net can make your scripting/process easier.
Moving disabled accounts to a specific OU can help easily determine how long after the account was disabled and moved to your "disabled Users" OU. There is no real way to determine how long an account has been disabled. You delete the account if the "whenChanged" is 30 days after it's moved to the new OU.
Accounts that have never been used may be be included, be sure to watch out for those.
OLDCMP utility from JoeWare.net can make your scripting/process easier.
Moving disabled accounts to a specific OU can help easily determine how long after the account was disabled and moved to your "disabled Users" OU. There is no real way to determine how long an account has been disabled. You delete the account if the "whenChanged" is 30 days after it's moved to the new OU.
Accounts that have never been used may be be included, be sure to watch out for those.
ASKER
Powershell script provided needs to be tested. anyways, thanks for your efforts.
Foreach ($user in (Get-content c:\temp\users.txt)){
get-qaduser $user | Disable-qaduser}