none
Search-ADAccount -AccountInactive -TimeSpan "xx" -UsersOnly showing inconsistent results. RRS feed

  • Question

  • Hi all, 

    I have basic powershell script which reports on inactive user accounts but the results it's pulling back don't make sense. Let me explain.

    I'm running the script on 19th September 2017 - Powershell get-date command shows "19 September 2017 14:22:36"

    The basic script I'm running is:

    $info = Search-ADAccount -SearchBase $searchbase -AccountInactive -TimeSpan "25" -UsersOnly | select Name,DistinguishedName,LastLogonDate,enabled,PasswordExpired,PasswordNeverExpires

    $info | Export-Csv "C:\temp\Accounts Over 25 days - $date.csv" -NoClobber -NoTypeInformation

    This works great, I open the report and filter by Last logon Date and the earliest date shown is the 27th of July 2017. At first I think nothing of this. Then if I change the -timespan property to "20" instead of "25" so I run the below:

    $info = Search-ADAccount -SearchBase $searchbase -AccountInactive -TimeSpan "20" -UsersOnly | select Name,DistinguishedName,LastLogonDate,enabled,PasswordExpired,PasswordNeverExpires

    $info | Export-Csv "C:\temp\Accounts Over 20 days - $date.csv" -NoClobber -NoTypeInformation

    I open the report and filter by Last logon Date and the earliest date shown is the 15th August 2017 now this doesn't make sense to me. 

    Correct me if I'm wrong but if the timespan is set to 20 and the date I run the report is the 19th of September should the earliest date in the results not be 30th August? 20 days before the 19th of September.

    Please help, what am I doing wrong?

    Thanks

    Tuesday, September 19, 2017 1:53 PM

All replies

  • "timespan" should be an object.

    See help for the command for examples.


    \_(ツ)_/

    Tuesday, September 19, 2017 5:43 PM
  • "timespan" should be an object.

    See help for the command for examples.


    \_(ツ)_/

    I've checked the help file:

    The following examples show how to set this parameter.
    Set the time to 2 days
    -TimeSpan "2"
    Set the time span to the previous 2 days
    -TimeSpan "-2"
    Set the time to 4 hours
    -TimeSpan "4:00"

    Regardless if I use the -datetime attribute I get the same results. 

    Can someone tell me which property in AD the command is looking at? is it the Lastlogondate.

    Wednesday, September 20, 2017 12:52 PM
  • LastLogon has a resolution of about 14 days so values less than that may be flakey.


    \_(ツ)_/

    Wednesday, September 20, 2017 1:02 PM