Inactive AD accounts
Get inactive accounts
# Report enabled "somesvc-*" accounts under one OU whose password was set after
# the password threshold but whose last recorded logon is older than the logon
# threshold. The script only reads from the directory; it changes nothing.
Import-Module ActiveDirectory

# Search scope: only accounts under this OU are considered.
$ouPath = 'OU=Example Foo Accounts,DC=example,DC=com'

# Cut-off dates. Both are the same day here, but they are kept as separate
# variables so each comparison can be tuned independently.
$PasswordLastSetDateThreshold = Get-Date -Date 'July 11, 2023'
$logonDateThreshold = Get-Date -Date 'July 11, 2023'

# Attributes Get-ADUser must be asked for explicitly, and the report columns.
$extraProperties = 'PasswordLastSet', 'LastLogonDate', 'Enabled'
$reportColumns = @('Name', 'SamAccountName') + $extraProperties

# NOTE(review): "PasswordLastSet -gt" selects accounts whose password was set
# AFTER the threshold. If the goal is accounts whose password has NOT been reset
# since that date, the operator should be -lt. Confirm which is intended.
#
# Caveats when reading the result as "inactive":
#  - LastLogonDate is derived from lastLogonTimestamp, which is replicated with a
#    delay (default sync interval is 14 days), so the value is approximate.
#  - Accounts with no recorded logon have no LastLogonDate and are not matched by
#    the -lt comparison; review never-used accounts separately.
$inactiveServiceAccounts = Get-ADUser -SearchBase $ouPath -Properties $extraProperties -Filter {
    PasswordLastSet -gt $PasswordLastSetDateThreshold -and
    SamAccountName -like "somesvc-*" -and
    LastLogonDate -lt $logonDateThreshold -and
    Enabled -eq $true
} | Select-Object -Property $reportColumns

# Print the matches as a table sized to the data.
$inactiveServiceAccounts | Format-Table -AutoSize