Question

Locked

Just want to know if this scenario is possible.

By gagarin.js ·
Hi All,I am a trainee in the server administration team. I am just planning the following scenario in my organisation. I just wanted to confirm, if this scenario is a valid one and if it is possible.I just want yes or no answers for the following questions. Thanks in advance.

1.Is it possible to run a script to disable and delete a Active Directory user account when a condition is true? (say the condition is CurrentDate=ExpiryDate)

2.Is it possible to make that script run automatically everyday on the members of a particular group?

Kindly help me out.
Thanks.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

1. Script to delete users

by NexS In reply to Just want to know if this ...

I do not recommend this.
Think of a scenario where someone has either incorrectly set up a user account or an account needs to be extended for one reason or another.

Imagine the inconvenience of the users concerned. IT should be making life easier not (and it does happen sometimes) harder.
I would suggest to update the question to have a script that checks for expiry date and moves accounts to an OU with no group policies (ie: no access). That way, all your accounts are still accessible.

I personally don't know whether such scripts can be written, but I thought i would suggest the above prior to any scripts.

All the best.

Collapse -

@ NexS

by gagarin.js In reply to 1. Script to delete users

Thanks for the response.

Your idea of moving the accounts to a OU on checking the expiry date has given me a new view to my scenario. Thank you so much for this.

I ll just update the exact scenario and what I am trying to do. So that I can give you a clear idea of what I am doing.
Thanks again :)

Collapse -

The exact scenario - kindly suggest.

by gagarin.js In reply to 1. Script to delete users

Scenario:
I receive a termination form for each leaving employee. It has the date of termination (this is the date on which I have to disable the employee account) and 30 days from the date of termination, I have to delete the user account. This is the process that is to be followed in our organization.

Issue:
The number of users are more and the number of terminations at one point in time was more than 100. (These include user accounts that has to be disabled on termination date and those user accounts that has to be deleted after 30 days of termination). It is a tiring task to check for all the forms for the date of termination and then disable or delete a account.Was not able to disable or delete accounts on accurate dates.

Work Around :

Once there is a form for termination,
for eg:
Leaving Employee : Gagarin
D.O.T : 01.01.2010
Account to be deleted on: 02.02.2010
Step 1:
-make Gagarin, a member of the group , say -- "Termination"
-Set the D.O.T as the expiry date of the user account (01.01.2010 in this case).
Function of the script on the group "Termination":
1.Check if,
CurrentDate = ExpiryDate
if Yes, disable account
2.Check if,
CurrentDate = ExpiryDate + 30
if yes, delete account

***********************************************************************
This is the exactly what I am trying to do.
*****************************************************************
Please suggest.

Collapse -

As Cmatthews said,

by NexS In reply to The exact scenario - kind ...

And the way i do it here... with aprox 200 users, and as our 'sister' office does it with over 400 users;

1. Receive termination form
2. Receive relevant sign-offs
3. Place paperwork in an "In-Tray" or <b>Dated</b> folder
4. Manually terminate accounts.

I really would not trust a script to have the analogue opinion and justification that a human has.

Collapse -

Yes, but why? It's already there...

by cmatthews In reply to Just want to know if this ...

AD, user properties, account, see the expiry section at the bottom? Users and groups can even be ctrl-selected, so expiry properties can be set in one move.. Why not use what you already have?

Collapse -

@matthews

by gagarin.js In reply to Yes, but why? It's alread ...

thanks for the reply matthews.
I ll just post the exact scenario and what I am trying to do. May be it would give you a clear idea what am trying to do.
Thanks again :)

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums