All,
I need some advice on how to routinely disable accounts which havent been used for X amount of weeks within a W2K AD environment.
My preferred route of performing this task is down the microsoft script / util route rather than a third party utility. One method of establishing the last time a user logs in is by querying the LastLogin attribute.
However [and unfortunately], I am aware that the LastLogin attribute within W2K is not replicated between DC's. This means any script I write has to query all DC's, collate the information and find the most recent data. This does not seem like the most appropriate and efficient method of finding the last time someone logged in.
I would expect this process is required by most AD environments and I am interested to see how it is performed elsewhere?? Can you advise?
Thanks
I need some advice on how to routinely disable accounts which havent been used for X amount of weeks within a W2K AD environment.
My preferred route of performing this task is down the microsoft script / util route rather than a third party utility. One method of establishing the last time a user logs in is by querying the LastLogin attribute.
However [and unfortunately], I am aware that the LastLogin attribute within W2K is not replicated between DC's. This means any script I write has to query all DC's, collate the information and find the most recent data. This does not seem like the most appropriate and efficient method of finding the last time someone logged in.
I would expect this process is required by most AD environments and I am interested to see how it is performed elsewhere?? Can you advise?
Thanks
