-2

Here is a question that I couldn't find online.

Is there a way to disable accounts on AD automatically after a certain amount of time?

I know that you can just put an expiration date and the user wouldn't be able to log in to the domain anymore, but our audit department demands that we disable this account and delete it after 30 days.

I don't think a script that runs every day will be an option as, to be honest, we don't want to have scheduled tasks running all the time.

Let me know if I can provide any more information and thanks in advance!

user
Gonzalo
  • 5
    Yet a script is probably your only option. What's wrong with a scheduled task? Unless the environment is very, very large, a daily scan of users doesn't take much time/resource. – strongline Sep 16 '16 at 14:07
  • 1
    I agree with @strongline. Scripts are a very useful resource. Even if you were to purchase a program that did this for you, it would *still* be a scheduled task, just not with a script. Unless you're going to be running this script during a time when a lot of other scheduled tasks are running, in a large environment, on a not very powerful server, it will have no noticeable performance penalty. – Chris Powell Sep 16 '16 at 14:15

2 Answers

0

The answer to a non-scheduled task is in the question: use the expiration date. If that's not possible, and you are prohibited from using scheduled tasks for whatever reason, make it someone's job duty to run a script once a week. Be sure to use PowerShell and the AD module, and be sure to use lastLoginTimeStamp, not lastLogin. Keep in mind that lastLoginTimestamp only forces an update of the property when the login has been > 14 days. However, it's better than the lastLogin property, which can only be used in a single-DC situation, or if you poll all the DCs and determine the most recent before using that timestamp.

Jeter-work
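A sketch of the kind of script the answer above describes, added here as an example and not taken from the answer or from any poster. It uses the account's expiration date as the clock for both the disable and the 30-day delete, and reports inactive accounts with the 14-day slack the answer mentions; the OU path and the 90-day inactivity threshold are placeholder assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original thread). Run manually or from whatever
# job runner is permitted; -WhatIf previews every change without applying it.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase   = 'OU=Staff,DC=example,DC=com',  # placeholder OU (assumption)
    [int]   $DeleteAfter  = 30,  # days after expiry before deletion (from the question)
    [int]   $InactiveDays = 90   # hypothetical inactivity threshold, report only
)

$now = Get-Date

# 1. Expired but still enabled: disable. An expired account cannot log on,
#    but the audit requirement in the question wants it explicitly disabled.
Search-ADAccount -AccountExpired -UsersOnly -SearchBase $SearchBase |
    Where-Object Enabled |
    ForEach-Object {
        Disable-ADAccount -Identity $_.DistinguishedName
        Write-Output "Disabled: $($_.SamAccountName)"
    }

# 2. Disabled AND expired more than $DeleteAfter days ago: delete.
#    Accounts with no expiration date are never touched by this step.
$cutoff = $now.AddDays(-$DeleteAfter)
Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $SearchBase `
           -Properties AccountExpirationDate |
    Where-Object { $_.AccountExpirationDate -and $_.AccountExpirationDate -lt $cutoff } |
    ForEach-Object {
        Remove-ADUser -Identity $_.DistinguishedName -Confirm:$false
        Write-Output "Deleted: $($_.SamAccountName)"
    }

# 3. Report only: enabled accounts that look inactive. LastLogonDate is the AD
#    module's readable form of the replicated last-logon timestamp; because that
#    value can lag by up to 14 days (per the answer), the slack is added to the
#    threshold so a recently active user is not flagged.
$slackDays = 14
$stale = $now.AddDays(-($InactiveDays + $slackDays))
Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $stale } |
    Select-Object SamAccountName, LastLogonDate
```

Run it with `-WhatIf` first to see which accounts would be disabled or deleted before letting it make changes.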
-2

http://mikefrobbins.com/2013/12/12/setting-an-active-directory-user-account-to-expire-at-a-specific-time-of-day-with-powershell/

The above link will go a long way. It is explained both in CUI and GUI.

sairam