One of the great capabilities new to ActiveRoles AD CMDLETS version 1.4 is the ability to define criteria for identifying obsolete or inactive accounts. You define the criteria as an “InactiveAccountsPolicy” that the Get-QADUser cmdlet can use to list the accounts matching the policy. You can then delete or disable those accounts or, if you own ActiveRoles Server, execute the Deprovisioning policy on them.
Set-QADInactiveAccountsPolicy
Set the current user preference on what accounts to consider inactive by default.
Syntax
Set-QADInactiveAccountsPolicy [-AccountExpiredPeriod <Int32>] [-PasswordNotChangedPeriod <Int32>] [-AccountNotLoggedOnPeriod <Int32>]
Parameters
AccountExpiredPeriod
Use this parameter to specify the number of days after which an expired account is considered inactive by default. Thus, an account is considered inactive if the account remains in the expired state for more days than specified by this parameter.
AccountNotLoggedOnPeriod
Use this parameter to specify the period, in days, that an account is not used to log on, after which the account is considered inactive by default. Thus, an account is considered inactive if no successful logons to that account occur for more days than specified by this parameter.
PasswordNotChangedPeriod
Use this parameter to specify the password age, in days, after which an account is considered inactive by default. Thus, an account is considered inactive if the password of the account remains unchanged for more days than specified by this parameter.
Detailed Description
Use this cmdlet to specify the default conditions that must be met for a user or computer account to be considered inactive. The inactivity conditions are specific to the current user, and have an effect on the cmdlets that support the Inactive parameter (such as Get-QADUser or Get-QADComputer). If no account-inactivity related parameters other than Inactive are supplied, then the Inactive parameter retrieves the accounts that meet the conditions defined by this cmdlet. To view the inactivity conditions that are currently in effect, use the Get-QADInactiveAccountsPolicy cmdlet.
Get-QADInactiveAccountsPolicy
View the current user preference on what accounts to consider inactive by default.
Syntax
Get-QADInactiveAccountsPolicy
Detailed Description
Use this cmdlet to examine the settings that were specified by using Set-QADInactiveAccountsPolicy, and are in effect for the current user session. These settings specify the default conditions that must be met for a user or computer account to be considered inactive. The inactivity conditions are specific to the current user, and have an effect on the cmdlets that support the Inactive parameter (such as Get-QADUser or Get-QADComputer). If no account-inactivity related parameters other than Inactive are supplied, then the Inactive parameter retrieves the accounts that meet the conditions defined by the AccountExpiredPeriod, AccountNotLoggedOnPeriod, and PasswordNotChangedPeriod settings that you can examine using this cmdlet. For details regarding each of these settings, see the corresponding parameter description for the Set-QADInactiveAccountsPolicy cmdlet.
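The workflow described above, from setting the policy to acting on the matching accounts, as an added example that is not part of the original post. The threshold values and the report path are assumed for illustration; the cmdlets come from the Quest.ActiveRoles.ADManagement snap-in.

```powershell
# Added example; thresholds and the report path are assumed values.
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

# Set the policy explicitly: it is a per-user preference, so a script should
# not rely on whatever the account running it configured earlier.
Set-QADInactiveAccountsPolicy -AccountExpiredPeriod 30 `
    -PasswordNotChangedPeriod 120 `
    -AccountNotLoggedOnPeriod 90

# Show the conditions now in effect so they are recorded with the results.
Get-QADInactiveAccountsPolicy | Format-List

# -Inactive with no other inactivity parameters applies the policy set above.
# -SizeLimit 0 lifts the default cap on the number of returned objects.
$inactive = Get-QADUser -Inactive -SizeLimit 0

# Write a report for review before any account is changed.
$inactive |
    Select-Object Name, DN, LastLogonTimestamp, PasswordLastSet, AccountExpires |
    Export-Csv -Path .\inactive-users.csv -NoTypeInformation

# Preview the disable step; remove -WhatIf only after the report is reviewed.
$inactive | Disable-QADUser -WhatIf
```

Service accounts and break-glass accounts often match password-age or logon-age conditions, so the report should be checked for them before the disable step runs without -WhatIf.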
