Home ITProActive Directory Powershell to Find Inactive AD Users and Computers Accounts
Powershell to Find Inactive AD Users and Computers Accounts

Powershell to Find Inactive AD Users and Computers Accounts

Admin KT
Admin KT 44 views
0
FacebookTwitterPinterestLinkedinTumblrRedditStumbleuponWhatsappTelegramLINEEmail

The LastLogon and LastLogonTimeStamp attributes can help you to decide if an Active Directory user account or computer account is active or inactive.

Powershell to find inactive accounts Active Directory for 90 days or longer.

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 90 | ?{$_.enabled -eq $True} | Get-ADUser -Properties Name, EmailAddress, Department, Description, lastLogonTimestamp | Select Name, EmailAddress, Department, Description,@{n=’lastLogonTimestamp’;e={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | Export-Csv D:\temp\testfunytest.csv

 

Another Powershell script to find inactive accounts for 90 days or longer.

import-module activedirectory
$domain = “example.com”
$DaysInactive = 90
$time = (Get-Date).Adddays(-($DaysInactive))
# Get all AD User with lastLogonTimestamp less than our time and set to enable
Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp |
select-object Name,@{Name=”Stamp”; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} |
export-csv OLD_User.csv -notypeinformation

 

In Order to Disable a User account, use this to see what accounts you are going to be disabling:

Search-ADAccount -AccountInactive -TimeSpan 90 -UsersOnly |
Where-Object {$_.lastlogondate -ne $null} |
Format-Table Name,SamAccountName,LastLogonDate -AutoSize

 

The below powershell lists all the disabled Active Directory users:

Search-ADAccount –AccountDisabled -UsersOnly

 

Search-ADAccount and list the selected properties of all disabled Active Directory users:

Import-Module ActiveDirectory
Search-ADAccount –AccountDisabled -UsersOnly
Select -Property Name,DistinguishedName

 

Find Disabled Active Directory Users from specific OU:

Import-Module ActiveDirectory
Search-ADAccount -SearchBase “OU=TestOU,DC=TestDomain,DC=Local” –AccountDisabled -UsersOnly
Select -Property Name,DistinguishedName

 

In Order to Export Disabled Active Directory Users to CSV using Powershell user below cmdlet:

Import-Module ActiveDirectory
Search-ADAccount –AccountDisabled -UsersOnly |
Select -Property Name,DistinguishedName |
Export-CSV “C:\\DisabledADUsers.csv” -NoTypeInformation -Encoding UTF8

 

You can check the below cmdlets which will export data in the following order – Givenname, Surname, SamAccountname, PrimarySMTPAddress

Get-QADUser -sizelimit 0 | where {$_.accountisdisabled -eq $true} | select givenname,sn,SamAccountName,PrimarySMTPAddress | Export-Csv -Encoding utf8 c:tempdisabled_users.csv

 

In Order to Move Disabled Active Directory Users and Computers to New OU
Let’s assume you have two OU’s in Active Directory; DisabledUserAccounts and DisabledComputerAccounts.

Get-ADUser -Filter ‘Enabled -eq $False’ | ForEach {Move-ADObject -Identity “$_” -TargetPath “OU=DisabledUserAccounts,DC=domain,DC=com”} #Substitute your domain for “DC=domain,DC=com”

Get-ADComputer -Filter ‘Enabled -eq $False’ | ForEach {Move-ADObject -Identity “$_” -TargetPath “OU=DisabledComputerAccounts,DC=domain,DC=com”} #Substitute your domain for “DC=domain,DC=com”

 

By following above steps you can easily find and remove Active Directory inactive user and computer accounts or you can move them to different OU by using Powershell.

0 comment
0
FacebookTwitterPinterestLinkedinTumblrRedditStumbleuponWhatsappTelegramLINEEmail

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

You may also like

Options available for creating and managing the Azure...

Manage Active Directory with Administrative Center and Windows...

Automated Signatures with Outlook and Active Directory

Create a temporary file with PowerShell

How to Optimizing Group Policy Performance

Track the Source of Failed Logon Attempts in...

Export list of all Active Directory Security Groups...

Configure Universal Group Membership Caching in Active Directory

Create missing objects in complex OU structure

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More