Is there a way to get the disabled AD Objects dates ?

This topic contains 5 replies, has 4 voices, and was last updated by  Del 1 year ago.

  • Author
  • #69724


    I'm trying to get all disabled ad objects. and filter only the disabled ad objects and list only the users that have been disabled for more than a year.

    Is there any filter other than LastLogonDate ?

  • #69730

    Roy Atkins

    Sure, here are some examples. These are all AD attributes. You can filter on most of the attributes that make sense to do so, with a few quirks – "EmailAddress" won't work, but "mail" does, for example.

    Get-ADUser -filter {Enabled -eq $False}
    Get-ADUser -Filter {PasswordExpired -eq $True}
    Get-ADUser -Filter {(PasswordNeverExpires -eq $False) -and (Mail -like '*')}
  • #69792

    Matt Bloomfield

    When an account is disabled, the userAccountControl attribute is set to 514. You can use Get-ADReplicationAttributeMetadata to find out when that attribute was last set:

    $disabledUsers = Get-ADObject -Filter "ObjectClass -eq 'User' -and userAccountControl -eq '514'"
    foreach ($disabledUser in $disabledUsers) {
        Get-ADReplicationAttributeMetadata $disabledUser -Server localhost | 
            Where-Object {$_.AttributeName -eq 'UserAccountControl'} | Select Object,LastOriginatingChangeTime |
                Where-Object {$_.LastOriginatingChangeTime -lt (Get-Date).AddDays(-365)}
  • #69814

    Richard Siddaway

    That shows the date of the last change which may or may not be when the account was disabled.
    You may have to use one of the optional fields to set a date

  • #69846

    Matt Bloomfield

    Richard, can you elaborate please? I'm not seeing the flaw in my logic.

    If the current value of the attribute is 514 (account disabled) and the LastOriginatingChangeTime property of the attribute shows the date/time of the last change to the attribute, under what circumstances might it not represent the date/time when the account was disabled?

  • #69921


    Thanks guys

You must be logged in to reply to this topic.