below a bit (or two) of DCL which generates AUTHORIZE MODIFY commands to DISUSER records before a certain date, which are not disusered already.
You may want to consider to also look at 'expiration' date, and non-interactive logins. (BACKUP !?)
Usage
$ @UAF_LASTLOGIN.COM /OUT=disuser.tmp 90 ! default 31 days, absolute date also accepted
$ TYPE/PAGE disuser.tmp ! Review
$ MCR AUTHORIZE @disuser.tmp ! Execute.
Enjoy,
Hein
$!
$! uaf_last_login.com Hein van den Heuvel,August 2007.
$
$! List records from SYSUAF for which the Last Interactive Login
$! before a cutoff_date and is not yet disusered.
$!
$! Provide number of days, or date, as argument. Default 31 days
$
$ IF p1.EQS."" then p1 = 31
$ IF F$TYPE(p1).EQS."INTEGER"
$ THEN cutoff_text = f$cvtime("0:0:0 -''p1'-")
$ ELSE cutoff_text = f$cvtime(p1)
$ ENDIF
$ s = $status
$ IF .NOT.s then $EXIT 's
$
$!libr/extr=$uafdef/out=uafdef.tmp sys$library:lib.mlb
$!sea uafdef.tmp flag...
$!EQU UAF$Q_LASTLOGIN_I 396
$!EQU UAF$L_FLAGS 468
$!EQU UAF$V_DISACNT 4
$
$close /nolog uaf
$open/error=ooops/read uaf 'f$parse("SYSUAF","SYS$SYSTEM:.DAT",,,"SYNTAX_ONLY")
$
$ found = 0
$ records = 0
$loop:
$ records = records + 1
$ read/nolock/end=done uaf rec
$ username=f$extr(4,12,rec)
$ IF f$cvsi(468*8+4,1,rec) THEN GOTO loop ! disuser already ?
$
$ lastlogin_binary = F$EXTR(396,8,rec)
$ lastlogin_date = F$FAO("!%D",f$cvui(32,32,f$fao("!AD",8,lastlogin_binary)))
$ lastlogin_text = F$CVTIME(lastlogin_date)
$
$ IF lastlogin_text .GTS. cutoff_text THEN GOTO loop
$
$! At this point we have a record which was not dis-usered,
$! and the user has not recently logged in. Policy says to disable the account.
$
$ text = "Last Login " + lastlogin_date
$ IF f$cvsi(0,32,lastlogin_binary) .EQ. 0 THEN text = "Never logged in."
$
$ WRITE sys$output "MODIFY ''username' /FLAG=DISUSER !" + text
$ username = ""
$ found = found + 1
$ goto loop
$
$done:
$WRITE sys$output "! found ", found, " targets. Total records: ", records
$close uaf
$ooops:
$exit '$status
