$90Days = (get-date).adddays(-90)
Get-ADUser -SearchBase "DC=DOMAIN,DC=COM" `
-filter {(lastlogondate -notlike "*" -OR lastlogondate -le $90days) `
-AND (passwordlastset -le $90days) `
-AND (enabled -eq $True)} `
-Properties ObjectClass, whenCreated, lastlogondate, passwordlastset | `
Sort-Object -desc whenCreated | `
Select-Object name, ObjectClass, whenCreated, lastlogondate, passwordlastset
2 comments:
Thanks for sharing this PowerShell, it helps to find out inactive active directory users and accounts from active directory. I also found good information from https://blog.netwrix.com/2018/02/15/the-ten-best-free-active-directory-management-tools/ which allows me to disable or stale inactive user and computer accounts from active directory environment and generate the report basis on inactive accounts( user/ computer), never logged on users and actual last logon details of accounts.
Post a Comment