ManieyaK_
asked on
Disable a User account
Hello Experts, in order to comply with a new requirement we need to modify a few controls on our system. One of the controls we're having difficulty with is "Force AD to disable user accounts with an inactivity period of 90 days"
Does this have to be done using PowerShell of some other third party tool?
Does this have to be done using PowerShell of some other third party tool?
Hi,
I would suggest implementing both the automation (e.g. what Adam suggests above), and also a monitoring process.
You would run the script above daily, weekly, or whenever required, then also have a task, say, weekly or monthly that someone runs a report of any accounts, not used for more than 90 days, and currently enabled.
If that report never shows anything, then you could move it from a monthly task to two monthly, and so on so that the time impact across a year becomes negligible.
Alan.
I would suggest implementing both the automation (e.g. what Adam suggests above), and also a monitoring process.
You would run the script above daily, weekly, or whenever required, then also have a task, say, weekly or monthly that someone runs a report of any accounts, not used for more than 90 days, and currently enabled.
If that report never shows anything, then you could move it from a monthly task to two monthly, and so on so that the time impact across a year becomes negligible.
Alan.
ASKER
Okay this great guys. We'll give the suggested a try, thanks for the comments.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
An alternate possibility would be to configure accounts so they expire along with their passwords, and require users to contact the help desk to reset their account validity and reset passwords. Definitely more work involved here, but it is more "fool proof."