PowerShell Command for AD?

Hi Guys,

It's my first post here. Not sure if I should be posting this, so apologies if this is the wrong thread!

I need some help with PowerShell:

Task:

I am a new contractor and have been tasked with clearing down users who have been disabled for over 90 days. (AD is really mixed up and poor housekeeping has been done so far)

What I have done so far:

Created 2 scripts

  1. Pulls two separate lists of users who have not accessed their system for over 90 days (includes every account even service accounts) and users who are disabled.

```powershell
# Gets time stamps for all users in the domain that have NOT logged in since the specified date
Import-Module ActiveDirectory

$domain = "DOMAINNAME"
$DaysInactive = 90
$time = (Get-Date).AddDays(-($DaysInactive))

# Get a list of all AD accounts which are disabled
Get-ADUser -Filter "Enabled -eq 'false'" | ft Name,SamAccountName,Enabled | Out-File Deactivated_Accounts.csv

# Get all AD users with lastLogonTimestamp more than 90 days from current,
# then output name and lastLogonTimestamp into CSV
Get-ADUser -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp |
    Select-Object Name, @{Name="Last Login"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | Out-File ListOfUsers90PlusDays.csv
```

  2. Compares the 2 lists, however, keeps returning an error.

```powershell
# Comparison of both files
Compare-Object -ReferenceObject (Import-Csv c:ListOfUsers90PlusDays.csv) -DifferenceObject (Import-Csv c:Deactivated_Accounts.csv) -Property Name | Out-File c:ComparisonWithDisabled.csv -NoPropertyType
```

I wanted to run a compare object command to differentiate the two files. Any thoughts? Possibly a better command or another solution?

Thanks in advance guys!!

submitted by /u/MostElite
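
An added example, not part of the original post: one pass that keeps only disabled accounts whose `lastLogonTimestamp` is older than the cutoff and writes real CSV with `Export-Csv`, rather than comparing two `Format-Table | Out-File` dumps, which are formatted text tables and not CSV. `Select-StaleDisabledUser` is a hypothetical helper name and the sample accounts are constructed so the block runs without a domain; the 90-day threshold is the one from the post.

```powershell
# Added example. Select-StaleDisabledUser is a hypothetical helper, not from the post.
function Select-StaleDisabledUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $DaysInactive = 90,
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$DaysInactive) }
    process {
        if ($User.Enabled) { return }   # keep disabled accounts only
        # lastLogonTimestamp is a FILETIME integer; empty or 0 means no recorded logon.
        # FromFileTime(0) would display as year 1601, so report that case as $null.
        $stamp = [int64]$User.lastLogonTimestamp
        $lastLogon = if ($stamp -gt 0) { [datetime]::FromFileTime($stamp) } else { $null }
        if ($null -eq $lastLogon -or $lastLogon -lt $cutoff) {
            [pscustomobject]@{
                Name           = $User.Name
                SamAccountName = $User.SamAccountName
                LastLogon      = $lastLogon
            }
        }
    }
}

# Constructed sample accounts standing in for Get-ADUser output.
$now = Get-Date
$sample = @(
    # disabled, last logon 200 days ago
    [pscustomobject]@{ Name = 'Alice Old'; SamAccountName = 'aold'; Enabled = $false; lastLogonTimestamp = $now.AddDays(-200).ToFileTime() }
    # disabled, last logon 10 days ago
    [pscustomobject]@{ Name = 'Bob Recent'; SamAccountName = 'brecent'; Enabled = $false; lastLogonTimestamp = $now.AddDays(-10).ToFileTime() }
    # enabled service-style account, last logon 200 days ago
    [pscustomobject]@{ Name = 'Carol Service'; SamAccountName = 'svc-carol'; Enabled = $true; lastLogonTimestamp = $now.AddDays(-200).ToFileTime() }
    # disabled, never logged on
    [pscustomobject]@{ Name = 'Dave Never'; SamAccountName = 'dnever'; Enabled = $false; lastLogonTimestamp = $null }
)

# Export-Csv writes real CSV; -NoTypeInformation drops the "#TYPE" header line.
# (Out-File has no -NoPropertyType parameter.)
$sample | Select-StaleDisabledUser -DaysInactive 90 -Now $now |
    Export-Csv -Path .\DisabledInactive90Days.csv -NoTypeInformation

# Against a live domain (ActiveDirectory module required), replace $sample with:
#   Get-ADUser -Filter 'Enabled -eq $false' -Properties lastLogonTimestamp
```

`lastLogonTimestamp` is replicated lazily and by default can lag the real last logon by up to about 14 days, so treat the cutoff as approximate and review the CSV before removing any account.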