Author Posts

January 1, 2012 at 12:00 am

by sabeltiger81 at 2013-01-28 00:50:32

This script count the days for how long a user has been inactive in AD. But it also takes disabled users into account. So how can I filter out disabled users, so they are not represented in the final output?

Search-ADAccount -UsersOnly -SearchBase "OU=OU1,OU=OU2,DC=DOMAIN,DC=NET" -AccountInactive -TimeSpan 90.00:00:00 | select name,samaccountname,@{n="Days";e={((Get-Date) – $_.LastLogonDate).Days}} | sort Days -Desc

by kittH at 2013-01-28 05:15:13

It doesn't look like there's a builtin switch for that, so you can use Where-Object to select only accounts that are enabled. I put it before your select since you do not include the enabled column.

Search-ADAccount -UsersOnly -SearchBase "OU=OU1,OU=OU2,DC=DOMAIN,DC=NET" -AccountInactive -TimeSpan 90.00:00:00 | Where-Object{$_.Enabled} | select name,samaccountname,@{n="Days";e={((Get-Date) – $_.LastLogonDate).Days}} | sort Days -Desc

by sabeltiger81 at 2013-01-28 07:37:52

That did the trick. You made my day.

by Slashj at 2013-02-21 06:28:00

If you would use the Questtools, you would have an switch for this.

get-qaduser -enabled -searchroot "OU=OU1,OU=OU2,DC=DOMAIN,DC=NET" -notloggenonfor 90 | your selection | your sorting

BR