Display disabled and inactive users and computers

This little script will query your AD and display disabled computers, inactive computers, disabled users and inactive users. Inactive in this examples is 365 days since last logon.

$LastYear = (Get-Date).AddDays(-365)
$AllDisabledComputers = Get-ADComputer -Filter 'Enabled -eq $False'
$AllDisabledUsers = Get-ADUser -Filter 'Enabled -eq $False'
$AllEnabledUnusedComputers = Get-ADComputer -Filter 'Enabled -eq $True' -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt $LastYear}
$AllEnabledInactiveUsers = Get-ADuser -Filter 'Enabled -eq $True' -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt $LastYear}
Write-Host "Total disabled computers:"$AllDisabledComputers.name.Count
Write-Host "Total enabled computers, logon more than one year old:"$AllEnabledUnusedComputers.name.count
Write-Host "Total disabled users:"$AllDisabledUsers.name.Count
Write-Host "Total enabled inactive users:" $AllEnabledInactiveUsers.name.Count

This script does not require any admin permissions, by default. Honorable mention for this script to Bjørn Wang

Advertisements