Questions

Answer for:

How to disable a user account if it has not been used by a certain time?

Message 2 of 3

View entire thread
+
0 Votes
faradhi

The best way I found to perform this task is to use a script that checks the last login date of each account and disables the ones that have not logged in within the specified time frame.

Here is a script sample I found on the internet. I cannot find the one I wrote for my previous position. But this should get you started.

Hope this helps.

----start script---
Dim dDate, oUser, oObject, oGroup
Dim iFlags, iDiff, iResult
Const UF_ACCOUNTDISABLE = &H0002

'Point to group containing users to check
Set oGroup = GetoObject("WinNT://MyDomain/Domain Users")

'Enable error trapping
On error resume Next

'for each user object in the group...
For each oObject in oGroup.Members

'ensure the user isn't a computer account!
If (oObject.Class="User") And _
(InStr(oObject.Name, "$") = 0) Then

'retrieve the user object
Set oUser = GetoObject(oObject.ADsPath)

'get the last login Date from the domain
'and strip off the time portion
'(just need the date)
dDate = oUser.get("LastLogin")
dDate = Left(dDate,8)
dDate = CDate(dDate)

'calculate how long ago that was in weeks
iDiff = DateDiff("ww", dDate, Now)

'more than six weeks since last login?
If iDiff >= 6 Then

'yes - get the user's flags
iFlags = oUser.Get("UserFlags")

'is the account already disabled?
If (iFlags AND UF_ACCOUNTDISABLE) = 0 Then

'no - disable it!
oUser.Put "UseriFlags", iFlags OR UF_ACCOUNTDISABLE
oUser.SetInfo
End If
End If
End If
Next
WScript.Echo "All done!"

--end script---