Active Directory Script Highlight: Identify User Not Logged in in 180 days

PowerShell-Active-Directory-1Domain migrations are in full swing so I thought I would start to share some of the scripts used in the process.  This one identifies users that have not logged on in over 180 days.  The thought behind this is to find the target population to be migrated.  We all have old accounts in our Active Directories.  There is no reason to migrate all of those stale accounts so this will help you find them early in your identification stages.  This will allow you to disable them and allow for any re-enabling if necessary before the user migration process.

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 180.00:00:00 | ?{$_.enabled -eq $True} | sort lastlogondate | select-object samaccountname, lastlogondate, name, distinguishedname, enabled | Export-Csv c:\temp\Users180.csv

* Looks at Users older than 180 days within the whole domain,  that are not already disabled and outputting samaccountname, lastlogondate, name, distinguishedname, enabled to a CSV file

Advertisements
This entry was posted in Active Directory, PowerShell and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s