Hi, I'm wondering if anyone can help me with this:
I have a copy of the built-in automated Workflow that cleans up inactive computer accounts. We basically want to disable and move inactive workstation accounts that haven't logged in for 60 days, but would like to build in an exception for specific computers - we do get the odd one or two that are used off-site by remote workers without connecting to the network for extended periods.
I don't really want to put these systems in a separate OU - I'm a firm believer in keeping my OU structure as simple as possible - so I thought I could do this by adding these computers to a security group and writing a filter that says if the "memberOf" attribute does not contain the Distinguished Name (DN) of the security group, then disable the account.
I've currently got the actions that disable and move the inactive accounts disabled in the workflow, so I can just generate a report of computers that fall into these criteria. Unfortunately the report returns no systems. If I run the workflow without the filter then I get several inactive accounts listed.
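The exclusion described above, written as a report-only LDAP query. This is an added example, not part of the original post and not the workflow product's own filter syntax. It assumes the ActiveDirectory PowerShell module; the group DN and search base are placeholders.

```powershell
# Added example: report only, no account is disabled or moved.
Import-Module ActiveDirectory

# Placeholders (assumptions): substitute your own DNs.
$ExemptGroupDn = 'CN=Inactive-Cleanup-Exempt,OU=Groups,DC=example,DC=com'
$SearchBase    = 'OU=Workstations,DC=example,DC=com'
$InactiveDays  = 60

# lastLogonTimestamp is a FILETIME (100 ns ticks since 1601-01-01 UTC).
# It is replicated lazily and can lag the real last logon by up to
# about 14 days with default domain settings.
$Cutoff = (Get-Date).AddDays(-$InactiveDays).ToFileTimeUtc()

# Escape characters that are special inside an LDAP filter value (RFC 4515),
# e.g. a DN containing "\," or parentheses.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').
           Replace('(', '\28').Replace(')', '\29').
           Replace([string][char]0, '\00')
}
$GroupValue = ConvertTo-LdapFilterValue $ExemptGroupDn

# memberOf is a DN-syntax attribute: it only matches a complete DN, so a
# "contains" or wildcard comparison against it matches nothing.
# The 1.2.840.113556.1.4.1941 matching rule (LDAP_MATCHING_RULE_IN_CHAIN)
# also treats members of nested groups as exempt.
# Computers that have never logged on have no lastLogonTimestamp and are
# not returned by the <= comparison.
$Filter = "(&(objectCategory=computer)" +
          "(lastLogonTimestamp<=$Cutoff)" +
          "(!(memberOf:1.2.840.113556.1.4.1941:=$GroupValue)))"

Get-ADComputer -LDAPFilter $Filter -SearchBase $SearchBase `
               -Properties lastLogonTimestamp |
    Select-Object Name, DistinguishedName, Enabled,
        @{ Name = 'LastLogonUtc'
           Expression = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } |
    Sort-Object LastLogonUtc
```

Comparing this output with the unfiltered report shows whether the exemption group is the only difference before the disable and move actions are re-enabled.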