powershell script for search user no login after 90 days

  • Question

  • Hi all,

    I have a script to search for users without a logon after 90 days, but I want to exclude users with password never expires from the report and from the disable execution.

    Can you help me? Thanks

    # Script to check for user accounts that have not logged on to the domain for "x" days.
    # 90 days. Change the value in the $date variable to any number you like; it indicates the user's inactivity period.
    # Readable conversion of lastLogonTimeStamp
    # Edit by Ale M.
    
    $date = (Get-Date).AddDays(-90) # 90 is the number of days since the last logon.
    $search = "OU=myou,DC=mydc,DC=mydc,DC=mydc" # Variable for searching users in a specific OU
    # $exclude = I need help excluding accounts with password never expires
    
    Get-ADUser -SearchBase $search -filter {passwordlastset -lt $date} -properties passwordlastset | select name, passwordlastset | sort passwordlastset
    
    # To disable the user accounts, uncomment the following line:
    # Get-ADUser -SearchBase $search -filter {passwordlastset -lt $date} -properties passwordlastset | Set-ADUser -Enabled $false
    
    # To move the disabled users to a specific OU, uncomment the following line:
    # Get-ADUser -SearchBase $search -Property Name,Enabled -Filter {Enabled -eq $False} | Move-ADObject -TargetPath "OU=Disabled Users,DC=mydc,DC=mydc,DC=mydc"


    • Edited by alelusi Wednesday, September 20, 2017 3:33 PM error
    Wednesday, September 20, 2017 3:25 PM

Answers

  • Hi,
     
    According to your description, my understanding of your question is: query AD users who have not logged in for more than 90 days and whose password is not set to never expire. If my understanding is wrong, please correct me.

    Based on my research, you could have a try with the following scripts. Hope it is helpful to you:
    Get-ADUser -Filter * -Properties * | ?{$_.PasswordLastSet -lt (Get-Date).AddDays(-90) -and $_.PasswordNeverExpires -ne $true} | Select-Object Name,PasswordLastSet,PasswordNeverExpires

    If you need further help, please feel free to let us know.
     
    Best Regards,
    Albert Ling


    • Marked as answer by alelusi Thursday, September 21, 2017 7:15 AM
    • Unmarked as answer by alelusi Thursday, September 21, 2017 7:22 AM
    • Marked as answer by alelusi Thursday, September 21, 2017 7:47 AM
    Thursday, September 21, 2017 5:15 AM
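
The scripts in this thread filter on `PasswordLastSet`, while the question and the script's header comment refer to logon inactivity and `lastLogonTimeStamp`. The following is an added example, not code from the thread: it selects on `lastLogonTimestamp` with a server-side LDAP filter, excludes accounts flagged "password never expires", and only dry-runs the disable step. The OU is the placeholder from the question; the variable names are assumptions.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$days       = 90
$searchBase = 'OU=myou,DC=mydc,DC=mydc,DC=mydc'   # placeholder OU taken from the question
$cutoff     = (Get-Date).AddDays(-$days)
$cutoffFt   = $cutoff.ToFileTimeUtc()             # lastLogonTimestamp is stored as a FILETIME integer

# userAccountControl bits: 0x10000 (65536) = DONT_EXPIRE_PASSWORD, 0x2 = ACCOUNTDISABLE.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule, so the DC does the
# filtering instead of pulling every user and every property to the client.
$ldapFilter = "(&(objectCategory=person)(objectClass=user)" +
              "(lastLogonTimestamp<=$cutoffFt)" +
              "(!(userAccountControl:1.2.840.113556.1.4.803:=65536))" +
              "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

$stale = Get-ADUser -SearchBase $searchBase -LDAPFilter $ldapFilter `
             -Properties lastLogonTimestamp, PasswordLastSet, PasswordNeverExpires |
         Select-Object Name, SamAccountName, DistinguishedName,
             PasswordLastSet, PasswordNeverExpires,
             @{ Name = 'LastLogon'
                Expression = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } |
         Sort-Object LastLogon

# Report for review before anything is changed.
$stale | Format-Table Name, SamAccountName, LastLogon, PasswordLastSet -AutoSize

# Dry run: -WhatIf prints what would be disabled without changing any account.
# Remove -WhatIf only after the report has been reviewed.
$stale | ForEach-Object { Disable-ADAccount -Identity $_.DistinguishedName -WhatIf }
```

`lastLogonTimestamp` is replicated between domain controllers with a delay of up to about 14 days by default, which is acceptable for a 90-day threshold. Accounts that have never logged on have no `lastLogonTimestamp` value and are not matched by this filter.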

All replies

  • Sorry but we do not fix or modify scripts you have found on the Internet.


    \_(ツ)_/

    Wednesday, September 20, 2017 3:56 PM
  • Thanks for help
    Thursday, September 21, 2017 7:47 AM