Disable user accounts with Windows Server 2003

There are two ways to disable a user account in Windows Server 2003. The first approach takes effect immediately, and the second happens on a time schedule at the end of the specified day. The latter method allows Windows to handle the action of disabling the account. Derek Schauland explains each process.

When an employee leaves your organization, it may be important to remove the user account. The company may have a policy of deleting a user account after so many days or weeks, but there may be times when you want to disable rather than delete a user's account.

There are two ways to disable a user account in Windows Server 2003. The first approach takes effect immediately, and the second happens on a time schedule at the end of the specified day. The latter method allows Windows to handle the action of disabling the account. This might be useful if a user is leaving for a different position and has given notice. Disabling an account prevents the account from receiving e-mail (if e-mail properties have been configured), and it prevents the user from logging on or accessing network resources. If anyone needs to access the disabled account for any reason, you can simply turn it back on.

To disable a user account immediately, follow these steps:

  1. Open Active Directory Users And Computers.
  2. In the right pane of the Active Directory Users And Computers window, right-click the user account you want to disable and select Disable.
  3. When the dialog box lets you know that the account is now disabled, click OK.

To set a user account to be disabled at the end of a specified date, follow these steps:

  1. Open Active Directory Users And Computers.
  2. In the right pane of the Active Directory Users And Computers window, right-click the user account name you wish to disable and select Properties.
  3. Click the Account tab in the user account properties box.
  4. In the box near the bottom of the Account tab, select the date on which you want the account to be disabled, and then click OK.
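
Whether either procedure above actually took effect can be checked from the two directory attributes involved. The following is an added example, not part of the original article: it assumes the standard Active Directory attributes `userAccountControl` (disabled flag 0x2) and `accountExpires` (100-nanosecond ticks since 1601-01-01 UTC, with 0 or 0x7FFFFFFFFFFFFFFF meaning "never"), and it runs over constructed sample values rather than a live directory.

```python
from datetime import datetime, timedelta, timezone

UF_ACCOUNTDISABLE = 0x0002               # userAccountControl bit set by "Disable"
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)  # accountExpires values meaning "never"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def expiry_time(account_expires):
    """Convert accountExpires (100-ns ticks since 1601 UTC) to a datetime, or None."""
    if account_expires in NEVER_EXPIRES:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=account_expires // 10)


def account_state(user_account_control, account_expires, now):
    """Return 'disabled', 'expired', 'expires-later' or 'active' for one account."""
    if user_account_control & UF_ACCOUNTDISABLE:
        return "disabled"            # immediate method: flag is set
    expires = expiry_time(account_expires)
    if expires is None:
        return "active"              # no flag and no expiry date
    return "expired" if now >= expires else "expires-later"


def to_filetime(dt):
    """Helper used only to build the constructed sample values below."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


# Constructed sample records (not real data): name, userAccountControl, accountExpires
NOW = datetime(2024, 6, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("leaver-immediate", 0x0202, 0),  # 0x200 normal account + 0x2 disabled
    ("leaver-scheduled", 0x0200, to_filetime(datetime(2024, 6, 1, tzinfo=timezone.utc))),
    ("notice-given", 0x0200, to_filetime(datetime(2024, 7, 1, tzinfo=timezone.utc))),
    ("current-staff", 0x0200, 0x7FFFFFFFFFFFFFFF),
]


def audit(records, now):
    """Map each account name to its effective state at time `now`."""
    return {name: account_state(uac, exp, now) for name, uac, exp in records}


if __name__ == "__main__":
    for name, state in audit(SAMPLE, NOW).items():
        print(f"{name:18} {state}")
```

An account reported as "expires-later" can still log on until its date passes, so a leaver who should be locked out now needs the immediate method.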

Deleting a user account removes all of the attributes of the user object from Active Directory. If a user object is deleted from Active Directory and the user later returns to the company, you will need to create a new user, which gets a new Security Identifier, and add all the needed properties again.

Note: In order to take effect completely, both types of account changes will need to be replicated throughout your Active Directory environment. If there are issues with directory replication, you may see the reappearance of deleted accounts or re-enabling of disabled accounts.

If you have no further need for an account after a period of time, you can delete the user account object by following these steps:

  1. Open Active Directory Users And Computers.
  2. Right-click the User Account Object you wish to delete.
  3. Select Delete from the Context menu.
  4. Click Yes when asked if you want to delete the object.

About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.
