Manage accounts by WhenChanged, WhenCreated and LastLogon


[Settings_Begin]
BatchSettings.Delimiter=TAB
BatchSettings.MarkerCol=5
BatchSettings.MarkersAutoRemove=Yes
BatchSettings.UndoCommandsInBatch=Yes

SET ADDomainPath=dc=com/dc=acme/dc=D2

SET DeleteInactiveAfter=90
[Settings_End]

[Machines_Begin]
\\EDU8      NT PDC    
[Machines_End]

[Init_Batch_Begin]
Data.Get.AD Container,%ADDomainPath%, User, Yes, ADpathContainer§1§CN§2§AccountDisabled§3§WhenChanged§4§   
Data.Loop   
 If %col3%=Enabled Then
   Data.Row.Delete   
 EndIf   
Data.EndLoop   
Data.Loop   
 If %Date% < DateAdd(copy(%col4%,1,10),%DeleteInactiveAfter%) Then   
   Data.Row.Delete
 EndIf   
Data.EndLoop   
If %RowsTotal% = 0 Then   
 MessageBox There are no accounts to delete.   
 QuitBatch   
EndIf   
Data.Show   
[Init_Batch_End]

[Batch_Begin]
Data.Loop   
 AD.Account.Delete %col1%, %col2%   
Data.EndLoop   
[Batch_End]

[Data_Begin]
[Data_End]


This script displays all accounts that have been disabled for 90 days or more in a dialog. Click "Continue" to delete the accounts.

How it works

1. Export all accounts in the domain d2.acme.com to the data section: AD container to column 1, common name to column 2, account disabled flag to column 3 and WhenChanged date to column 4.
2. Remove all data section rows with enabled accounts.
3. Remove all data section rows where today's date < WhenChanged+90.
4. Show the remaining accounts if any, else quit the script.
5. Delete all accounts if the "Continue" button is clicked.

The script can easily be modified for other tasks: replace WhenChanged with WhenCreated to manage accounts created at a certain date, or with LastLogon to manage accounts that have not been used for a while.
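A read-only cross-check of the list the script shows before "Continue" is clicked, written as an added PowerShell example that is not part of the original page or of the tool it describes. It assumes the ActiveDirectory module is installed, that dc=com/dc=acme/dc=D2 corresponds to the distinguished name DC=D2,DC=acme,DC=com, and a hypothetical report file name.

```powershell
# Added example: read-only report of deletion candidates. It deletes nothing.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$SearchBase          = 'DC=D2,DC=acme,DC=com'    # assumed DN form of ADDomainPath (d2.acme.com)
$DeleteInactiveAfter = 90                        # same value as the script's SET line
$ReportPath          = '.\disabled90-review.csv' # hypothetical output file

# Compare calendar dates only, as the script does with copy(%col4%,1,10).
$today  = (Get-Date).Date
$cutoff = $today.AddDays(-$DeleteInactiveAfter)

$query = @{
    SearchBase = $SearchBase
    Filter     = 'Enabled -eq $false'            # step 2: keep disabled accounts only
    # LastLogonDate is derived from lastLogonTimestamp, which is replicated but
    # can lag by several days; the raw lastLogon attribute is stored per DC.
    Properties = 'whenChanged', 'whenCreated', 'LastLogonDate'
}

# Step 3: the script drops a row when today < WhenChanged + 90, so a row
# survives when WhenChanged <= today - 90 (exactly 90 days is included).
$candidates = Get-ADUser @query |
    Where-Object { $_.whenChanged.Date -le $cutoff } |
    Select-Object DistinguishedName, Name, SamAccountName, Enabled,
        whenChanged, whenCreated, LastLogonDate,
        @{ Name = 'DaysSinceChange'; Expression = { ($today - $_.whenChanged.Date).Days } } |
    Sort-Object whenChanged

if (-not $candidates) {
    Write-Output 'There are no accounts to delete.'
} else {
    # Keep a dated record of what was reviewed before any deletion is approved.
    $candidates | Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8
    $candidates | Format-Table Name, SamAccountName, whenChanged, DaysSinceChange -AutoSize
}
```

Comparing the CSV with the rows shown in the script's dialog confirms that the date filter selects what is expected before the accounts are removed.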

How to create a desktop icon for the script

1. Save the above script as "disabled90.cnu".
2. Right-click the desktop and select new shortcut.
3. In the "Create shortcut" dialog, click "Browse" and locate the AdmWin executable.
4. Add the text "Delete Inactive IST.cnu" disabled90.cnu /SB /alldata at the end of the row, then click next.
5. Name the icon and click finish.

Click the icon once a week to delete all unused accounts.

Example 2 - how to delete accounts that have not been changed for 90 days or more with AccountExpires set to 2000-01-01

Replace the [Init] section in the above script with this code:

[Init_Batch_Begin]
Data.Get.AD Container,%ADDomainPath%, User, Yes, ADpathContainer§1§CN§2§AccountExpires§3§WhenChanged§4§   
Data.Loop   
 If %col3%<>2000-01-01 Then   
   Data.Row.Delete
 EndIf   
Data.EndLoop   
Data.Show   
Data.Loop   
 If %Date% < DateAdd(copy(%col4%,1,10),%DeleteInactiveAfter%) Then   
   Data.Row.Delete
 EndIf   
Data.EndLoop   
If %RowsTotal% = 0 Then   
 MessageBox There are no accounts to delete.   
 QuitBatch   
EndIf   
Data.Show   
[Init_Batch_End]