Pau Lo
asked on
AD user account disabled date
Would there be any attribute in AD to determine on what date an account was disabled, or any particular event you could extract from DC logs? We have to do some cross matching on employee leavers to determine when their account was disabled/account end dated, in relation to their actual leaver date. Just trying to determine if we could get some accurate data to do some cross-analysis with. Ideally this should demonstrate their account should be in a disabled state the day after their official leave date. It has been some time since I have had to do similar and I am not totally sure if this data is likely to be accessible when its specific to a very specific pair of fields against the user record.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You should look at the event logs to see when something gets disabled.
Note that you need to still have the logs...
https://www.manageengine.com/products/active-directory-audit/account-management-events/event-id-4725.html#:~:text=When%20a%20user%20account%20is,event%20ID%204725%20gets%20logged.
Note that you need to still have the logs...
https://www.manageengine.com/products/active-directory-audit/account-management-events/event-id-4725.html#:~:text=When%20a%20user%20account%20is,event%20ID%204725%20gets%20logged.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
And can you think of any particular admin activities that they could do after disabling an account, that may also update the whenChanged attribute?