Automatically Disable Inactive Accounts in Active Directory
Automatically disable inactive user or computer accounts in Active Directory using the AD Pro Toolkit built-in schedular. You can define the inactivity time (default 90 days) and choose from a serious of actions to run against the inactive accounts.
Conditions
The condition section lets you define how you want to identify inactive users and computers.
- Inactivity time: The account is inactive for at least x days. Default is 90 days, you can change this to any time you need. This uses the lastLogonTimestamp to identify stale accounts.
- Include: Choose to find inactive users, computers or both.
- Path: Select an OU or choose the entire domain
- Exclusions: Add accounts to exclude from being automatically disabled
Actions
This section you configure what actions to run on the inactive accounts.
- Disable: Check this box to auto disable accounts
- Move to OU: Enables moving accounts to another OU
- Description: Adds a description to the account
- Report only: Report only mode sends an email with the identified accounts, but no actions are run.
Create scheduled task
- Click on “Scheduler” then click “Add”
- Select “Inactive Accounts” from the dropdown
- Enter a task name and set the credentials. Click “Next”
- Set a schedule frequency, daily, weekly or monthly
- Set the conditions (Path is required)
- Select one or more actions
- Choose output options (email or save to csv)
- Click Save.