PoshTip #27 – Get Inactive User Accounts in Active Directory
Inactive Active Directory user accounts can pose a security risk to your organization. You can query Active Directory and generate reports about inactive user accounts.
First, import the AD module:
PS> Import-Module ActiveDirectory
Now you can use the “Search-ADAccount” cmdlet to query Active Directory:
PS> Search-ADAccount -UsersOnly -AccountInactive
You can add “-TimeSpan” parameter. The TimeSpan parameter specifies a time range from the “LastLogonDate” attribute to the current time:
PS> Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 30.00:00:00 -searchBase "OU=Users,dc=DEMO,dc=local"
Note: 30.00:00:00 = 30 days
Thanks for reading! You can follow me on Twitter @PrigentNico