Active Directory
by My last cry for help got no response so hopefully somebody knows this one. We need to clean up the Active Directory here where I work, it's a student body so the user base is constantly changing. I want to disable all user accounts that have been inactive for the past 9 weeks. I found the following script online that should work, but I don't know how to run it. I tried it from the start... run dialog box and also from a command prompt but it didn't seem to do anything. Here's the script:
c:\> dsquery user -inactive 9 | dsmod user -disabled yes
What (and please be VERY specific) do I need to do to either get this script to work or get it done another way? Hope somebody can help, thanks!
AI Summary
25 Comments
so it seems like, if all of your domain controllers are running 2003, then you should switch to 2003 server level.
if you have older controllers in the domain, then you should look into using this tool instead of dsquery
read through this Matt
If you don't have Win2k3 servers, then you can't use the -inactive flag, so you may want to try this tool instead of dsquery
actually, i would try this first, because it's ready to go. you have to copy the .bat file here
http://www.jsifaq.com/SUBQ/tip8200/rh8260.htm
and the one here as well
cool, i'll try this one tomorrow
some more scripting fun
when you run that from a command prompt, what output do you get?
and you know enough not to type the "c:\>" part, right?
i mean, you should, you've got like a doctorate in Computer Science or something
maybe thats why he put it in programming forum, to confuse everyone
hi lets dance
i hate you ian... yes i know enough not to type the c:\>
anyway, here's the output:
dsquery failed:The parameter is incorrect.:Windows could not run this query because you are connected to a domain that does not support this query. type dsquery /? for help.
dsmod failed:`Target object for this command' is missing.
type dsmod /? for help.
i guess it looks like I have to install them? I'm wondering from where though
well, you have both commands. the problem is something with the domain you're connected to, it looks like
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21410274.html
if your domain isn't win2k3, you can't use the -inactive switch. See http://www.windowsitpro.com/Forums/messageview.cfm?catid=43&threadid=64342&STARTPAGE=1#388429 for further detail.
check the further replies
do you have a Win2k3 domain? If yes, are you running at 2000 mixed mode?
yeah i saw that forum earlier. We have a w2k3 domain, but i'm trying to find out if it could be operating in mixed mode. trying to figure out how
"To convert, open Active Directory Users and Computers from the Administrative Tools menu. Right-click the domain and choose Properties. On the General tab, click Change Mode. Click Yes, then OK. "
found out we are in mixed mode. i don't see a "change mode" button in there. but anyway, I don't know if there would be repercussions to changing it over
It looks like 2003, is this what you are running?
Do the commands even exist on that system?
They are not scripts, they are actual programs
dsquery and dsmod are programs for supporting AD
Its just piping one command output to the right command
I think they exist... I'm not really sure though. If I go to the command prompt and type in dsquery /? it gives me a whole bunch of info. However, I did a search on the drive and didn't find dsquery.exe or dsmod.exe.
I did a search online and found a site where I could download dsquery.dll
What do I need to do?
in your cmd prompt run
dsquery user -inactive 9
does it give youa list of users?
basically it says
for every user 9 months inactive, disable the user with dsmod command
pipe the list of "dsquery user -inactive 9" to "dsmod user -disabled yes"
so a couple things.
if its 2003 specific, and dont have 2003 you may be out of luck
if you do, then you need to install your resource disks
we do have server 2003... i'll look for those disks i guess
you have the commands, its just the way your executing is wrong or something is wrong
try to execute one command at a time
My husband might be able to help....if you wanna email him and ask him (he's really cool, he wouldn't mind), let me know.
let's see if ezabel can bail me out first, but thanks :)