Sri Lanka IT Pro Forum
Powering-up Enterprises in Sri Lanka

Windows 2003 Active Directory

pradeepk Posted: 04-27-2008 12:01 PM

Managing Active Directory 

Moving, disabling or removing old computers/users (I will use this word to describe computers/users that have been obsolete for a long time) from AD is a challenging task in a large organization. Consider an organization which has 5000+ client computers/users globally, and suppose we plan to remove all obsolete client computers/users which have not been used for the last 90 days. What can we do?


We can use,

1. ADSI to query those obsolete computers and move, disable or remove them

2. Some of the free/commercial tools available.

But we can’t do anything well planned with the tools available, I mean something really worthwhile for the corporate community. What I mean is that we can’t just move, disable or remove a computer in one go, because we don’t know whether the computer/user account owner has left the organization. Maybe the owner of the computer/user account is on some kind of vacation (parental leave or something), or maybe the owner is on medical leave for a long time.

In this kind of situation,

· We can’t use ADSI, because we can only query the objects and have to do the other things (disabling/moving/removing) manually.

· We can’t use the free/commercial tools available, because there is no properly managed way. For example, take the utility OldCmp from www.joeware.net/freetools/tools/oldcmp/index.htm. There are only 3 options available (report, disable, delete, and some more related to these).

 

But what I suggest is,

First we have to query for old computers/users which have not been used for a long time (say x days). Then we can move those computers to a temporary OU, disable them and keep them there for some y days. After disabling them, we generate reports for y days (one for each day) and keep those reports in a common mailbox or a common shared location. If we don’t get any complaints about the disabled computer/user accounts, we delete those accounts permanently.

I have written a tiny little tool for this. In it we can specify the target OU which contains all the old computer/user accounts, and the temporary OU which will keep the disabled computer/user accounts for y days. We can specify the x and y values and, if we want, the mail address to which reports are e-mailed.

I think this is a well organized way to do the cleaning task.
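
The staged workflow described in the post (query, disable and move, report daily, delete after y days), sketched as an added example; it is not the poster's tool. It assumes the ActiveDirectory PowerShell module is available, and the OU names, report share, y value and the `QUARANTINED:` description tag are placeholders chosen for illustration.

```powershell
# Added example, not the poster's tool. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder values (assumptions): adjust to the environment.
$TargetOU  = 'OU=Workstations,DC=example,DC=com'  # OU scanned for old accounts
$TempOU    = 'OU=Quarantine,DC=example,DC=com'    # temporary OU for disabled accounts
$StaleDays = 90                                   # x: days without logon
$HoldDays  = 30                                   # y: days held before deletion
$ReportDir = '\\fileserver\ad-cleanup'            # shared report location
$DryRun    = $true                                # set to $false to apply changes
$Today     = (Get-Date).Date
$Tag       = 'QUARANTINED:'                       # hypothetical marker in description

# Stage 1: find enabled user/computer accounts inactive for x days.
# -AccountInactive relies on lastLogonTimestamp, which by default lags real
# logons by up to about 14 days, so x should be comfortably larger than that.
# Accounts with no recorded logon are skipped and left for manual review.
$stale = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $StaleDays) -SearchBase $TargetOU |
    Where-Object { $_.Enabled -and $_.LastLogonDate -and $_.ObjectClass -in 'user','computer' }

foreach ($acct in $stale) {
    $id   = $acct.ObjectGUID   # GUID stays valid after the move changes the DN
    $old  = (Get-ADObject $id -Properties description).description
    # Record quarantine date and original DN so the move can be reversed.
    $note = '{0}{1:yyyy-MM-dd};from={2};was={3}' -f $Tag, $Today, $acct.DistinguishedName, $old
    Set-ADObject      -Identity $id -Replace @{ description = $note } -WhatIf:$DryRun
    Disable-ADAccount -Identity $id -WhatIf:$DryRun
    Move-ADObject     -Identity $id -TargetPath $TempOU -WhatIf:$DryRun
}

# Stage 2: daily report of everything held in the temporary OU.
$held = Get-ADObject -SearchBase $TempOU -LDAPFilter "(description=$Tag*)" -Properties description
$held | Select-Object Name, ObjectClass, DistinguishedName, description |
    Export-Csv (Join-Path $ReportDir ('quarantine-{0:yyyyMMdd}.csv' -f $Today)) -NoTypeInformation

# Stage 3: delete accounts that stayed in quarantine for y days with no complaint.
# An account moved back out of the temporary OU is never seen by this stage.
foreach ($obj in $held) {
    if ("$($obj.description)" -match "^$Tag(\d{4}-\d{2}-\d{2})") {
        $since = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', $null)
        if (($Today - $since).Days -ge $HoldDays) {
            Remove-ADObject -Identity $obj.ObjectGUID -Recursive -Confirm:$false -WhatIf:$DryRun
        }
    }
}
```

With `$DryRun` left at `$true`, every change is only printed through `-WhatIf`, so the list of affected accounts can be reviewed before anything is disabled or deleted.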
