Active Directory
--
Questions
--
Followers
Top Experts
Looking for a way to disable a new account if the user has not signed on within 10 days. I can't find any MS setting within Active Directory. Maybe someone knows of a powershell script I can run or third-party utility that can do this for us?
I would imagine the script would look something like: if the account option for "user must change password at next logon" is checked and the user hasn't done so within 10 days, disable account.
Is this possible? We are running a Windows 2012 domain.
Thanks!!
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/e21e61c7-4c79-490e-b136-69bbef9e328e/powershell-that-disables-active-directory-users-that-have-not-logged-on-for-x-number-of-days?forum=winserverDS
Mahesh
You could run a powershell script to check if users havent logged in for say 10 days.
ADAccount -AccountInactive -TimeSpan ([timespan]10d) -UsersOnly | Set-ADUser -Enabled $false
If you want to test and see what would be disabled add -WhatIf to the above line.
This is offcourse applicable on all your users.
Workaround would be creating a special newby OU and point that script only to this OU by adding.
-SearchBase string
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Then you would alter the script to look for users which have the pwdLastSet attribute set to 0. Example is to be found here.
The tool is having user friendly GUI and do not require PowerShell and can be run on Windows 2003 \ 2008 \ 2012 (all versions of AD)
http://www.wisesoft.co.uk/software/bulkadusers/default.aspx
There is option in tool call "Properties to Load" where practically you can load any attribute (pwdLastSet in your case) for user list \ users from OU \ users in Entire domain
http://msdn.microsoft.com/en-us/library/windows/desktop/aa746510(v=vs.85).aspx
Only you need to know Attribute name in order to add it
Also you can export output to csv \ excel format if wanted to
Mahesh
Search-ADAccount -AccountInactive -TimeSpan 10 -UsersOnly | Get-ADUser -Properties pwdLastSet,Enabled | ?{$_.pwdLastSet -eq "0" -and $_.Enabled -eq $True}Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
create a scheduled task
dsmod user "CN=John Doe,OU=Users,DC=example,DC
For an application please have a look at AD management tool.
Please click on the given link to know more.'
Thanks.
Active Directory
--
Questions
--
Followers
Top Experts
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.