Difference between revisions of "Inactive AD accounts"
Jump to navigation
Jump to search
(Created page with "# Get inactive accounts ``` # Import the Active Directory module Import-Module ActiveDirectory # Define the OU path $ouPath = "OU=Example Foo Accounts,DC=example,DC=com" # D...") |
|||
| Line 15: | Line 15: | ||
$usersNoPasswordReset = Get-ADUser -Filter { | $usersNoPasswordReset = Get-ADUser -Filter { | ||
PasswordLastSet -gt $PasswordLastSetDateThreshold -and | PasswordLastSet -gt $PasswordLastSetDateThreshold -and | ||
| − | SamAccountName -like " | + | SamAccountName -like "somesvc-*" -and |
LastLogonDate -lt $logonDateThreshold -and | LastLogonDate -lt $logonDateThreshold -and | ||
Enabled -eq $true | Enabled -eq $true | ||
Revision as of 21:30, 12 August 2024
Get inactive accounts
# Import the Active Directory module
Import-Module ActiveDirectory
# Define the OU path
$ouPath = "OU=Example Foo Accounts,DC=example,DC=com"
# Define the date thresholds
$PasswordLastSetDateThreshold = Get-Date -Date "July 11, 2023"
$logonDateThreshold = Get-Date -Date "July 11, 2023"
# Get all user accounts in the specified OU that haven't had their passwords reset since the date threshold,
# whose SamAccountName starts with "svc-", have logged in after the logon date threshold, and are active
$usersNoPasswordReset = Get-ADUser -Filter {
PasswordLastSet -gt $PasswordLastSetDateThreshold -and
SamAccountName -like "somesvc-*" -and
LastLogonDate -lt $logonDateThreshold -and
Enabled -eq $true
} -SearchBase $ouPath -Properties PasswordLastSet, LastLogonDate, Enabled |
Select-Object Name, SamAccountName, PasswordLastSet, LastLogonDate, Enabled
# Output the list of users
$usersNoPasswordReset | Format-Table -AutoSize