How to disable a user account if it has not been used by a certain time?

By bbnetman
I am wondering (as an added security layer or option) if in W2K3 Active Directory there is a way to automatically disable an account if it has not been accessed for a certain period of time? I know you can expire an account on a specified date but what about if a user is out and you want a way to automatically disable their account if they are not back in a certain number of days rather than having to do it manually.


All Answers


Use a script

by faradhi In reply to How to disable a user acc ...

The best way I found to perform this task is to use a script that checks the last login date of each account and disables the ones that have not logged in within the specified time frame.

Here is a script sample I found on the internet. I cannot find the one I wrote for my previous position. But this should get you started.

Hope this helps.

----start script---
'ADS_UF_ACCOUNTDISABLE; VBScript does not predefine this constant
Const UF_ACCOUNTDISABLE = &H0002

Dim dDate, oUser, oObject, oGroup
Dim iFlags, iDiff, iResult

'Point to group containing users to check
Set oGroup = GetObject("WinNT://MyDomain/Domain Users")

'Enable error trapping
On Error Resume Next

'for each user object in the group...
For Each oObject In oGroup.Members

    'ensure the user isn't a computer account!
    If (oObject.Class = "User") And _
       (InStr(oObject.Name, "$") = 0) Then

        'retrieve the user object
        Err.Clear
        Set oUser = GetObject(oObject.ADsPath)

        'get the last login date from the domain
        'and strip off the time portion
        '(just need the date)
        dDate = oUser.Get("LastLogin")

        'skip the account if it or its LastLogin could not be read
        '(for example, it has never logged in), so that the previous
        'user's date is not reused
        If Err.Number = 0 Then
            dDate = DateValue(dDate)

            'calculate how long ago that was in weeks
            iDiff = DateDiff("ww", dDate, Now)

            'more than six weeks since last login?
            If iDiff >= 6 Then

                'yes - get the user's flags
                iFlags = oUser.Get("UserFlags")

                'is the account already disabled?
                If (iFlags And UF_ACCOUNTDISABLE) = 0 Then

                    'no - disable it!
                    oUser.Put "UserFlags", iFlags Or UF_ACCOUNTDISABLE
                    'write the change back to the directory
                    oUser.SetInfo
                End If
            End If
        End If
    End If
Next
WScript.Echo "All done!"

--end script---
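
A report-first variant of the approach above, as an added example that is not part of the original post and not the poster's code. It goes beyond the thread by reading the replicated lastLogonTimestamp attribute through the LDAP provider, because the WinNT LastLogin value is kept separately on each domain controller. Assumptions: the domain runs at Windows Server 2003 functional level (where that attribute exists); DAYS_INACTIVE, DRY_RUN and LastLogonDate are hypothetical names.

```vbscript
Option Explicit
Const DAYS_INACTIVE = 42      ' six weeks, matching the script above
Const DRY_RUN = True          ' hypothetical switch: report only until the list is reviewed
Const ADS_UF_ACCOUNTDISABLE = &H0002
Dim oRoot, oConn, oCmd, oRS, oUser, dLast, sName
' Search the whole domain for user objects through ADO
Set oRoot = GetObject("LDAP://RootDSE")
Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd = CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 500
oCmd.CommandText = "<LDAP://" & oRoot.Get("defaultNamingContext") & _
    ">;(&(objectCategory=person)(objectClass=user));ADsPath;subtree"
Set oRS = oCmd.Execute

Do Until oRS.EOF
    Set oUser = GetObject(oRS.Fields("ADsPath").Value)
    sName = oUser.Get("sAMAccountName")
    If (oUser.Get("userAccountControl") And ADS_UF_ACCOUNTDISABLE) = 0 Then
        dLast = LastLogonDate(oUser)
        If IsNull(dLast) Then
            ' never logged on, or attribute not yet written: a human decides
            WScript.Echo "REVIEW  " & sName & " (no logon recorded)"
        ElseIf DateDiff("d", dLast, Now) >= DAYS_INACTIVE Then
            WScript.Echo "STALE   " & sName & " (last logon " & dLast & " UTC)"
            If Not DRY_RUN Then
                oUser.AccountDisabled = True
                oUser.SetInfo
            End If
        End If
    End If
    oRS.MoveNext
Loop

' Convert the Integer8 lastLogonTimestamp (100-ns ticks since 1601-01-01 UTC) to a Date
Function LastLogonDate(oU)
    Dim oInt8, lHigh, lLow
    LastLogonDate = Null
    On Error Resume Next
    Set oInt8 = oU.Get("lastLogonTimestamp")
    If Err.Number <> 0 Then Exit Function
    On Error GoTo 0
    lHigh = oInt8.HighPart : lLow = oInt8.LowPart
    If lLow < 0 Then lHigh = lHigh + 1
    LastLogonDate = #1/1/1601# + ((lHigh * 2 ^ 32) + lLow) / 600000000 / 1440
End Function
```

lastLogonTimestamp is only rewritten when the stored value is roughly 9 to 14 days old, so keep DAYS_INACTIVE well above that window.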


So what you're saying is...

by otaku_lord In reply to Use a script

I know that this was posted almost three years ago but I hope someone can answer a question for me... is this script safe to use and do I use it "as is?"
