Most organizations use the same password for each newly created user, so it’s essential to disable — or better, delete — all users who have never logged in. Ideally, you want to disable or delete those users on a daily basis. (Read this for details about the options for cleaning up users who have never logged in.) However, if you don’t have time to manually perform this task each day, you have options to automate it.

Such an automation could be performed using PowerShell. You could also script it using FoxPro. But instead of spending a lot of time and effort scripting a task and then maintaining that script whenever it needs updating, why not look at a solution that lets you create the automation in seconds?

ADManager Plus is a power tool that provides built-in reports that dig deep into Active Directory. As you can see from the linked blog above, there is a built-in report that allows you, with a single click, to find users who have never logged in. Now you can take that report and introduce automation, because ADManager's concept of automation is to use these built-in (and customized) reports as the foundation for the actions to be performed.

So instead of running the report manually and then taking action on the results manually, ADManager can run the report and perform the actions on the results automatically, on a routine basis. The automation for this is shown in Figure 1.

Figure 1. Automation in ADManager Plus to disable users who have never logged in.

What if there are some user accounts that need to be exempt from this rule, due to some extenuating circumstance? Let’s say a project has been delayed but finally starts, and now the users need to have accounts that work ASAP. You can use most user attributes as a condition in the ADManager Plus automations, as you can see in Figure 2.

Figure 2. Automation that disables users that have never logged in except those who are working on Project1.

If you are wondering if multiple conditions can be placed on such automations, the answer is yes. You could also combine the automations with additional tasks, such as moving users to a specific OU and even disabling users and then deleting them after a set period of time.
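For comparison, here is the same rule (disable enabled users who have never logged in, exempt the Project1 users, then move the disabled accounts to a holding OU) written with the ActiveDirectory PowerShell module. This is an added example, not ADManager Plus code or part of the original post. The OU paths, the use of the `description` attribute to mark Project1 users, and the one-day grace period are assumptions.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical OUs: replace with your own distinguished names.
    [string]$SearchBase    = 'OU=Staff,DC=example,DC=com',
    [string]$QuarantineOU  = 'OU=Disabled Users,DC=example,DC=com',
    # Assumption: exempt users carry the project name in 'description'.
    [string]$ExemptPattern = '*Project1*',
    # Assumption: skip accounts younger than this so today's hires are not hit.
    [int]$MinAgeDays       = 1
)

# Enabled user objects with no lastLogonTimestamp, i.e. never logged in.
# The bitwise matching rule excludes accounts that are already disabled
# (ACCOUNTDISABLE = 0x2 in userAccountControl).
$filter = '(&(objectCategory=person)(objectClass=user)' +
          '(!(lastLogonTimestamp=*))' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$cutoff = (Get-Date).AddDays(-$MinAgeDays)

$candidates = Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase `
                         -Properties description, whenCreated |
    Where-Object {
        $_.whenCreated -lt $cutoff -and
        $_.description -notlike $ExemptPattern   # the exemption condition
    }

foreach ($user in $candidates) {
    # Both cmdlets honour -WhatIf / -Confirm passed to this script.
    Disable-ADAccount -Identity $user
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $QuarantineOU
}

# Emit what was selected so a scheduled run leaves a record to review.
$candidates | Select-Object SamAccountName, whenCreated, description
```

Run the script with `-WhatIf` first to see which accounts would be disabled and moved without changing anything.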

ADManager Plus provides a simple and easy interface to perform automations that PowerShell and other scripting languages would take hours to create and test. If you want to try ADManager Plus for yourself, you can download it here.
