Display disabled and inactive users and computers

This little script will query your AD and display disabled computers, inactive computers, disabled users and inactive users. Inactive in this examples is 365 days since last logon.

$LastYear = (Get-Date).AddDays(-365)
$AllDisabledComputers = Get-ADComputer -Filter 'Enabled -eq $False'
$AllDisabledUsers = Get-ADUser -Filter 'Enabled -eq $False'
$AllEnabledUnusedComputers = Get-ADComputer -Filter 'Enabled -eq $True' -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt $LastYear}
$AllEnabledInactiveUsers = Get-ADuser -Filter 'Enabled -eq $True' -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt $LastYear}
Write-Host "Total disabled computers:"$AllDisabledComputers.name.Count
Write-Host "Total enabled computers, logon more than one year old:"$AllEnabledUnusedComputers.name.count
Write-Host "Total disabled users:"$AllDisabledUsers.name.Count
Write-Host "Total enabled inactive users:" $AllEnabledInactiveUsers.name.Count

This script does not require any admin permissions, by default. Honorable mention for this script to Bjørn Wang

Advertisements

One thought on “Display disabled and inactive users and computers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s