Sunday, 1 February 2015

Find Inactive AD User Accounts using Powershell

We can find and list inactive AD users using the powershell cmdlet Search-ADAccount with the AccountInactive parameter. In this article, I am going to write powershell script samples to list all AD Users who are inactive for particular days and export inactive AD users to CSV file.

Powershell command to list inactive AD Users by TimeSpan:
Search-ADAccount –AccountInactive -TimeSpan "Days.Hrs:Mins:Secs" -UsersOnly
Search-ADAccount  lists both users and computers, we need to pass the parameter -UsersOnly to list only users.

Powershell command to list inactive AD Users by DateTime:
Search-ADAccount –AccountInactive -DateTime "1/10/2015" -UsersOnly

Summary:

Find Inactive AD Users by TimeSpan

The following command find AD users who are not logged in last 90 days by passing the parameters AccountInactive and TimeSpan into powershell cmdlet Search-ADAccount and list the selected properties of all inactive Active Directory users.
Import-Module ActiveDirectory
Search-ADAccount –AccountInactive -TimeSpan 90.00:00:00 -UsersOnly |
 Select -Property Name,DistinguishedName,LastLogonDate
Find Inactive AD Users with Powershell

Find and List Inactive AD Users by DateTime

The following script find AD users who have not logged in since "1/8/2015" and list the selected properties of all inactive Active Directory users.
Import-Module ActiveDirectory
Search-ADAccount –AccountInactive -DateTime "1/8/2015" -UsersOnly |
 Select -Property Name,DistinguishedName,LastLogonDate

Find Inactive AD Users from specific OU with Powershell

We can set target OU scope by using the parameter SearchBase in Search-ADAccount cmdlet. This following command select and list all the AD users who are not logged in last 90 days from the Organization Unit 'TestOU'.
Import-Module ActiveDirectory
Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountInactive -TimeSpan 90.00:00:00 -UsersOnly |
 Select -Property Name,DistinguishedName,LastLogonDate

Export Inactive AD Users to CSV with Powershell

We can export powershell output into CSV file using Export-CSV cmdlet. The following command export selected properties of all inactive Active Directory users to CSV file.
Import-Module ActiveDirectory
Search-ADAccount –AccountInactive -TimeSpan 90.00:00:00 -UsersOnly |
 Select -Property Name,DistinguishedName,LastLogonDate |
 Export-CSV "C:\\InactiveADUsers.csv" -NoTypeInformation -Encoding UTF8
Find Inactive AD Users with Powershell

CSV Output of Disabled AD User Accounts:

Find and Export Inactive AD Users to CSV with Powershell

Advertisements
Advertisements

1 comment:

  1. Is there a way to search using multiple OU's and export all of that data to a csv. I can get one OU to export just fine but can't find a way to do it for multiple OU's.

    ReplyDelete