Filtering Active Directory users by dates and datemodified property

Tagged: , ,

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 7 months, 2 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #35257
    Profile photo of Wei-Yen Tan
    Wei-Yen Tan
    Participant

    Hi there,

    I am looking at automating a resignation process when an a person at an organisation leaves.

    Currently the way the service desk do it manually is that when the intranet disables the user it puts the date when the user got disabled in the description property. The way it is written in the Description field is like

    "Disabled 29/06 -Refer 1233236 "
    and the modified field in ADi s written as 29/06/2015

    (sorry about the date notation, I am a New Zealander).

    They match that with the modified field and after two weeks they then proceed to do the necessary removing of group memberships etc.

    The aspect that I am struggling with is the logic Powershell will use to determine based on the requirements of the business, and how that would be written.

    I can get the list of users like so

    
    get-aduser -filter * -Properties description | where {$_.description -like "*disabled*"}
    
    

    but I am unsure how to evaluate it further....

    This is an interesting exercise and I would love to have a basis to work off...any ideas/examples that I can use would be most appreciated.
    regards,

    Wei-Yen Tan

    #35329
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well, I'd start by filtering as much as possible in the -filter parameter, rather than using * as you're doing. As-is, you're querying the entire domain, which is overkill.

    But for the date comparison what exactly are you looking for? The last modified date in AD being greater than two weeks?

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.