Hosting Provided By

RE: Expire accounts from Active Directory after a period of inactivity

From: Laura A. Robinson <larobins(at)bellatlantic.net>
Date: Mon Mar 24 2003 - 18:23:59 EST

One thing to be conscious of- in Windows 2000, last logon time/date is not replicated through AD. It is stored locally on the authenticating DC. Therefore, you could not simply query AD for this information- you would have to query each DC. In Windows Server 2003, once you've raised your domains and forest functional levels to Windows Server 2003 (no downlevel DCs), the ability to retrieve logon time/date from AD exists and the information replicates. In fact, there is a pre-definied query in ADU&C in Windows Server 2003 for just this purpose.

Laura

> -----Original Message-----
> From: Nero, Nick [mailto:Nick.Nero@disney.com]
> Sent: Friday, March 21, 2003 4:23 PM
> To: Clark, Andre M.; Matt Grogan; focus-ms@securityfocus.com
> Subject: RE: Expire accounts from Active Directory after a
> period of inactivity

Get serious about enterprise anti-spam management. SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of technology to defeat spam with accuracy. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfmsl1 Received on Tue Mar 25 13:12:11 2003

This message: [ Message body ]
Next message: Dozal, Tim: "RE: MS03-007 Round-up"
Previous message: Justin Derry: "USB Tokens"
In reply to Nero, Nick: "RE: Expire accounts from Active Directory after a period of inactivity"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:28 EDT