AD Powershell command for deleted users

  • Question

  • Hi, can anyone please help with an AD Powershell command to extract deleted AD user accounts showing their start date and end date.
    Wednesday, November 27, 2019 2:38 PM

All replies

  • Hi,

    please be more specific in your question:

    - Where do you want to extract the users from?
    - What do you mean by "Start date" and "End date"? There are no such attributes on user accounts.

    Regards,


    Blog: https://blog.pohn.ch/ Twitter: @StoyanChalakov

    Wednesday, November 27, 2019 2:48 PM
  • "Soft-deleted" AD objects can be recovered with the Restore-ADObject cmdlet. You can find the AD objects with Get-ADObject and the -IncludeDeletedObjects switch.

    I don't know what you mean by "their start and end date" though.

    Keep in mind that if you choose to recover a deleted object, not all the properties that the object possessed at the time it was deleted were saved, so not everything can be recovered.

    Also, this depends on whether you enabled the Active Directory recycle bin for the domain.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Wednesday, November 27, 2019 3:51 PM
  • Hi, thanks for your response. I am not looking to recover deleted accounts, I am just trying to generate an audit report for deleted AD accounts, showing their start & end date.
    Wednesday, November 27, 2019 4:27 PM
  • Then just use "Get-ADObject -IncludeDeletedObjects" and select what you need from the results (you'll get back more than just users).

    Also, the recycle bin doesn't keep things forever. The default tombstone time is 180 days.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Wednesday, November 27, 2019 4:37 PM
  • Hi,

    Thanks for your question.

    Get-ADObject -IncludeDeletedObjects -Filter {objectClass -eq "user" -and IsDeleted -eq $True} -Properties displayname, whencreated,whenchanged | select -Property displayname, whencreated,whenchanged
    

    For more information, please refer to the link below:

    https://theitbros.com/enable-active-directory-recycle-bin/

    Best regards,

    Lee



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 28, 2019 2:35 AM
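
An added example, not part of any reply in this thread: the same Get-ADObject query wrapped as an audit report, with whenCreated as the "start date" and whenChanged standing in for the "end date". The function name, the -Since window and the -CsvPath parameter are assumptions made for illustration; it needs the ActiveDirectory module and read access to deleted objects.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT).
function Get-DeletedUserReport {
    [CmdletBinding()]
    param(
        # Assumed reporting window: keep objects last changed on or after this date.
        [datetime]$Since = (Get-Date).AddDays(-180),
        # Hypothetical output path; no file is written when omitted.
        [string]$CsvPath
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Computer objects also carry objectClass "user", so exclude them explicitly.
    $filter = 'isDeleted -eq $true -and objectClass -eq "user" -and objectClass -ne "computer"'
    # Identifying attributes requested alongside the two timestamps.
    $props  = 'sAMAccountName', 'objectSid', 'lastKnownParent',
              'msDS-LastKnownRDN', 'whenCreated', 'whenChanged'

    $report = Get-ADObject -IncludeDeletedObjects -Filter $filter -Properties $props |
        Where-Object { $_.whenChanged -ge $Since } |
        Sort-Object whenChanged |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName  = $_.sAMAccountName
                LastKnownName   = $_.'msDS-LastKnownRDN'
                LastKnownParent = $_.lastKnownParent
                ObjectSid       = $_.objectSid
                ObjectGuid      = $_.ObjectGUID
                Created         = $_.whenCreated   # "start date"
                # Approximates the deletion time only: any later change to the
                # deleted object moves this value.
                LastChanged     = $_.whenChanged   # "end date"
            }
        }

    if ($CsvPath) {
        $report | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
    }
    $report
}

# Deleted user accounts changed in the last 90 days, oldest first.
Get-DeletedUserReport -Since (Get-Date).AddDays(-90) | Format-Table -AutoSize
```

The report can only list objects that still exist as deleted objects in the directory; anything already purged is out of reach of this query.
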
  • Hi, thanks for your response. I am not looking to recover deleted accounts, I am just trying to generate an audit report for deleted AD accounts, showing their start & end date.

    Other members have already replied with a PowerShell answer; I would just like to chip in by saying your organization should really instead consider getting a solution that audits AD logs (including object creation, deletion, modification, etc.). Only then can you truly generate a report of "users that were deleted in the given time period" by using said solution, although naturally it won't give you a report dating before its installation date.

    Sunday, December 1, 2019 1:46 PM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If not, please reply and tell us the current situation so that we can provide further help.

    Best Regards,

    Lee



    Friday, December 6, 2019 7:12 AM