Active Directory User Creation

  • Question

  • Is there a way that I can force administrators to disable all user objects that are created in Active Directory? A way to force the "Account is Disabled" field to be checked and greyed out when the administrator is creating an account and gets to the windows prompting for the user's initial password?
    Thursday, July 5, 2012 2:00 PM

Answers

All replies

  • Is there a way that I can force administrators to disable all user objects that are created in Active Directory? A way to force the "Account is Disabled" field to be checked and greyed out when the administrator is creating an account and gets to the windows prompting for the user's initial password?

    As far as I know, it's not possible by default. 

    Just curious, what's the intention behind this idea?


    Press any key... What the ... Where's any key ?

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.


    • Proposed as answer by Jayawardhane Sunday, July 8, 2012 5:37 AM
    Thursday, July 5, 2012 6:54 PM
  • There is nothing within the native AD tools to provide the functionality you are requesting.

    IT Guides and Videos | itgeared.com


    • Proposed as answer by Jayawardhane Sunday, July 8, 2012 5:37 AM
    Thursday, July 5, 2012 7:03 PM
  • Hi,

    Before going further, we’d better confirm the issue first. Does that mean you want to find a method to disable all users in the domain at once? At this time, I suggest we could try to achieve the target via PowerShell. Please refer to the following article for details.

    Disable-ADAccount

    http://technet.microsoft.com/en-us/library/ee617197

    Also, we could try to disable a user account via a script. The article below may be useful.

    Disable a User Account

    http://gallery.technet.microsoft.com/scriptcenter/0aaf210f-8ee2-422d-b6bb-11aa76877412

    If you have trouble in editing the script, I suggest we ask in the script forum.

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en/ITCG/threads/

    Regards,

    Andy


    • Edited by Andy Qi Friday, July 6, 2012 6:34 AM
    • Proposed as answer by Jayawardhane Sunday, July 8, 2012 5:37 AM
    • Marked as answer by Andy Qi Monday, July 23, 2012 5:23 AM
    Friday, July 6, 2012 6:33 AM
  • I figured that this would be a long shot as I have not seen any documentation for this. The intent is to allow some admins to create accounts, but for them to be disabled until their (the user's) documentation has been verified. Basically I would like to grant some of our admins the capability to create user accounts, but I don't want to allow them to enable those accounts. I would like to only allow administrators in the tier above them to enable accounts. To my knowledge this function does not exist in Active Directory. I appreciate any further insight that can be provided.
    Monday, July 9, 2012 11:20 AM
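
An added example, not part of the original thread or any poster's code: since the replies agree the native tools cannot force new accounts to be created disabled, a scheduled sweep built on the Disable-ADAccount cmdlet mentioned above can act as a compensating control by disabling any enabled account in a staging OU that has not yet been verified. The OU path, the "Verified Users" group and its use as the verification marker are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical staging OU where lower-tier admins create accounts.
    [string]$PendingOU = 'OU=Pending Users,DC=example,DC=com',
    # Hypothetical group whose membership only the higher tier may change;
    # direct membership marks an account as verified (nested groups are not checked).
    [string]$VerifiedGroupDn = 'CN=Verified Users,OU=Groups,DC=example,DC=com'
)

# Bit 2 of userAccountControl is ACCOUNTDISABLE. The negated bitwise-AND
# matching rule returns only accounts that are currently enabled.
$enabledFilter = '(!(userAccountControl:1.2.840.113556.1.4.803:=2))'

$enabledUsers = Get-ADUser -SearchBase $PendingOU -SearchScope Subtree `
    -LDAPFilter $enabledFilter -Properties whenCreated, whenChanged, memberOf

foreach ($user in $enabledUsers) {
    # Accounts already verified by the higher tier are left alone.
    if ($user.memberOf -contains $VerifiedGroupDn) { continue }

    $action = 'Skipped'
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable unverified account')) {
        Disable-ADAccount -Identity $user.DistinguishedName
        $action = 'Disabled'
    }

    # Emit one record per finding so each run can be logged and reviewed.
    [pscustomobject]@{
        SamAccountName    = $user.SamAccountName
        DistinguishedName = $user.DistinguishedName
        WhenCreated       = $user.whenCreated
        WhenChanged       = $user.whenChanged
        Action            = $action
    }
}
```

Run it with `-WhatIf` first to list what would be disabled without changing anything. The emitted records show which accounts were found enabled before verification.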