Disable AD users

Hi,

I want script to auto disable Active Directory users which is not logged in some days(90).

is there any script for that?

kindly help.

Regards,

Rakesh

July 22nd, 2015 11:18am

check out this. http://blogs.technet.com/b/bahramr/archive/2008/01/25/powershell-script-to-disable-inactive-accounts-in-active-directory.aspx
Free Windows Admin Tool Kit Click here and download it now
July 22nd, 2015 11:19am

Hi,

here you go: http://blogs.technet.com/b/bahramr/archive/2008/01/25/powershell-script-to-disable-inactive-accounts-in-active-directory.aspx

July 22nd, 2015 11:20am

Hi Rakesh Surve,

Thanks for your post.

Also you could refer to the article.

http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/30/use-powershell-to-find-and-remove-inactive-active-directory-users.aspx

Hope it is helpful to you.

Best Regards,

Mary Dong

Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2015 2:52am

Hi,

You can go with a PowerShell script for that purpose. Basically, what you need to do is just look up the lastLogonTimeStamp attribute, but you should also be aware of those users that haven't yet logged in (just created).

There is also a more advanced way to do inactive users cleanup that involves third-party solutions but can provide you with automation and greater flexibility. Here's a good example of this using a tool called Adaxes. It does exactly what you are asking for plus all the additional stuff. If you need to do AD cleanup regularly and in big volumes, I would have a look at it.

July 23rd, 2015 5:49am

Apart from using PS command, if you are also open with using third party, you may give a shot to our Lepide active directory cleaner tool that helps to simplify obsolete account detection in Active Directory and helps to manage them through automated actions i.e. reset password, delete, disable and move inactive accounts to another OU.
Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2015 8:00am

Hi,

Sorry for delay....

I have found power shell command and run it on AD server.

If you run below command you will get Inactive users from last 10days. you can change [timespan]10d option in command as per your requirement.

Search-ADAccount -AccountInactive -TimeSpan ([timespan]10d) -UsersOnly | Set-ADUser -Enabled $false -WhatIf

If you run below command in power shell form last 10days inactive user will disable and also you can run on OU base alos.

Search-ADAccount -AccountInactive -TimeSpan ([timespan]10d) -UsersOnly | Set-ADUser -Enabled $false

Check this.Its worked for me.

also you can add this in Task she dueled .

Thanks

Rakesh S

September 10th, 2015 3:25am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics