Docs / Auto Disable Inactive Accounts in Active Directory

Automatically Disable Inactive Accounts in Active Directory

Automatically disable inactive user or computer accounts in Active Directory using the AD Pro Toolkit built-in schedular. You can define the inactivity time (default 90 days) and choose from a serious of actions to run against the inactive accounts.

Conditions

The condition section lets you define details for identifying inactive accounts.

  • Inactivity time: The account is inactive for at least x days. Default is 90 days, you can change this to any time you need. This uses the lastLogonTimestamp to identify stale accounts.
  • Include: Choose to find inactive users, computers or both.
  • Path: Select an OU or choose the entire domain
  • Exclusions: Add accounts to exclude from being automatically disabled

Actions

This section you configure what actions to run on the inactive accounts.

  • Disable: Check this box to auto disable accounts
  • Move to OU: Enables moving accounts to another OU
  • Description: Adds a description to the account
  • Report only: Report only mode sends an email with the identified accounts, but no actions are run.
automatically disabled inactive users in active directory

How to Automatically Disable Inactive Users (or computers)

  1. Open the AD Pro Toolkit
  2. Click on “Scheduler” then click “Add”
  3. Select “Inactive Accounts” from the dropdown
  4. Enter a task name and set the credentials. Click “Next”
  5. Set a schedule frequency, daily, weekly or monthly
  6. Set the conditions (Path is required)
  7. Select one or more actions
  8. Choose output options (email or save to csv)
  9. Click Save

Video Demo