asked on
Tracking Unused AD accounts
Is there software or perhaps some way I can track Active Directory User accounts that have not been used within 90 days?
Windows Server 2003Active Directory
Last Comment
WellingtonIS
ASKER
I don't want to automatically disable them just identify them.
That script has a -whatif command in it. It will just list the users.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I am a big fan of OLDCMP by joeware. This tool will let you search and find unused computer and user accounts as well as perform actions on those accounts if desired.
http://www.joeware.net/freetools/tools/oldcmp/
http://www.joeware.net/freetools/tools/oldcmp/
ASKER
Thanks everyone I'll check it out.
By the way, if you're not looking to automate this task, and you don't want to spend money, the value in AD to look at is the LastLogonTimestamp. That value gets replicated across domain controllers. I believe there is a 14 day shift on the value, so you won't want to remove anyone less than 14 days back for a LastLogonTimestamp. See the following website: http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
ASKER
Decided to use this tool because it was easiest and it works well with windows 7. thanks everyone.
You will need to download the Quest AD CMDlets and change the areas in that script that call for QAD-Computer to Q-ADUSER.