Find user accounts question

  • Question

  • TIA.

    I'm trying to:

    Find all 'user' accounts in AD which are enabled, then find those accounts which have not logged in for 60 days, then sort those accounts by lastlogondate, then provide a list of user names and lastlogondate, and (last in my thoughts but very important) the count of the results.

    I've only gotten as far as:      Get-ADUser -Filter {(ObjectClass -eq "user") -and (enabled -eq $true)}

    I've tried to pipe it to Search-ADAccount -AccountInactive -Timespan 60.00:00:00 and have gotten a whole lotta red.

    Any advice, links to read, etc... would be welcome.

    Thanks again,

    Davis

    Monday, April 27, 2015 9:13 PM

Answers

  • If you just need the count, simply pipe to measure-object:


    search-adaccount -accountinactive -timespan 60 -usersonly |
      where-object { $_.Enabled } |
      measure-object
    


    -- Bill Stewart [Bill_Stewart]

    • Marked as answer by Bill_Stewart Friday, June 12, 2015 9:58 PM
    Friday, May 1, 2015 7:39 PM

All replies

  • Here's one way:


    search-adaccount -accountinactive -timespan 60 -usersonly | where-object { $_.Enabled } | foreach-object {
      $user = get-aduser $_ -properties lastLogonTimestamp
      new-object PSObject -property @{
        "DistinguishedName"  = $user.DistinguishedName
        "SamAccountName"     = $user.SamAccountName
        "lastLogonTimestamp" = [DateTime]::FromFileTime($user.lastLogonTimestamp)
      }
    }
    


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by Mike Laughlin Monday, April 27, 2015 10:29 PM
    Monday, April 27, 2015 9:29 PM
  • Thanks Mike.  I get this response:

    Unexpected token 'lastLogonTimestamp' in expression or statement.
    At line:1 char:261
    + search-adaccount -accountinactive -timespan 60 -usersonly | where-object { $_.Enabled } | foreach-object { $user = get-aduser $_ -properties lastLogonTimestamp new-object PSObject -p
    roperty @{ "DistinguishedName"  = $user.DistinguishedName "lastLogonTimestamp" <<<<  = [DateTime]::FromFileTime($user.lastLogonTimestamp)}}
        + CategoryInfo          : ParserError: (lastLogonTimestamp:String) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : UnexpectedToken

    Wednesday, April 29, 2015 6:25 PM
  • I just copy and pasted the exact code that I posted, above, and it ran without any errors.

    I suspect you have not copied and pasted the exact code.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 29, 2015 6:31 PM
  • This also gets what you're looking for.  Putting the initial search in a variable will let you play around with the results without pulling them down again.  Not a big deal for a lab or small environment, but it could take a while in a larger environment.

    $60days = (Get-Date).AddDays(-60)
    
    $Allusers = Get-ADUser -Filter * -Properties Enabled,LastLogonTimeStamp 
    
    $Allusers | where {$_.Enabled -eq $true} | Select-Object -Property SAMAccountName,@{n="LastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}} | where {$_.lastlogondate -le $60days} | sort -Property LastLogonDate -Descending
    

    Wednesday, April 29, 2015 6:56 PM
  • Not recommended, because you are pulling all users and then filtering after the fact with where-object. Very inefficient.

    Search-ADAccount is more efficient.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 29, 2015 7:03 PM
  • Gentlemen,

    Both of your solutions work and since I'm working with fewer than 20k accounts the efficiency issue is not a show-stopper.  I'm curious how to build the count in.

    Thank you for your time and patience,

    D

    Friday, May 1, 2015 6:02 PM
  • What's your specific question regarding a count?


    -- Bill Stewart [Bill_Stewart]

    Friday, May 1, 2015 6:47 PM
  • You could throw in a tee-object -variable myresults

    and then get the count of objects: ($myresults).count

    So the search-adaccount way:

    search-adaccount -accountinactive -timespan 60 -usersonly | where-object { $_.Enabled } | tee-object -variable myresults | foreach-object {
      $user = get-aduser $_ -properties lastLogonTimestamp
      new-object PSObject -property @{
        "DistinguishedName"  = $user.DistinguishedName
        "SamAccountName"     = $user.SamAccountName
        "lastLogonTimestamp" = [DateTime]::FromFileTime($user.lastLogonTimestamp)
      }
    }
    $count = ($myresults).count
    write-warning "Found $count inactive accounts!"

    Friday, May 1, 2015 6:56 PM
  • Many thanks.  I need the count of how many enabled accounts have not been logged into for X days.  I'll work with your suggestion.
    Friday, May 1, 2015 7:14 PM
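
Added example, not part of the original thread: one pass that returns the sorted list and the count together, and flags accounts that have never logged on instead of letting `FromFileTime` turn an empty `lastLogonTimestamp` into a date around the year 1601. The function name `Get-StaleUserReport` and the sample accounts are hypothetical and constructed here; it assumes PowerShell 3.0 or later.

```powershell
# Added example; Get-StaleUserReport is a hypothetical helper, not an AD cmdlet.
function Get-StaleUserReport {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Account,
        [int] $Days = 60,
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$Days); $rows = @() }
    process {
        if (-not $Account.Enabled) { return }   # only enabled accounts are reported
        # lastLogonTimestamp is a FILETIME value; null or 0 means no logon was recorded.
        # Keep that case as $null rather than converting it to a 1601-era date.
        $stamp = $Account.lastLogonTimestamp
        $last  = if ($stamp) { [DateTime]::FromFileTime($stamp) } else { $null }
        if ($null -eq $last -or $last -le $cutoff) {
            $rows += [PSCustomObject]@{
                SamAccountName = $Account.SamAccountName
                LastLogonDate  = $last
                NeverLoggedOn  = ($null -eq $last)
            }
        }
    }
    end {
        # Oldest first; never-logged-on accounts ($null dates) sort to the top.
        [PSCustomObject]@{
            Count    = $rows.Count
            Accounts = @($rows | Sort-Object LastLogonDate)
        }
    }
}

# Constructed sample input, shaped like Get-ADUser -Properties lastLogonTimestamp output.
$now = [datetime]'2015-05-01'
$sample = @(
    [PSCustomObject]@{ SamAccountName = 'alice'; Enabled = $true;  lastLogonTimestamp = $now.AddDays(-5).ToFileTime() }
    [PSCustomObject]@{ SamAccountName = 'bob';   Enabled = $true;  lastLogonTimestamp = $now.AddDays(-90).ToFileTime() }
    [PSCustomObject]@{ SamAccountName = 'carol'; Enabled = $true;  lastLogonTimestamp = $null }
    [PSCustomObject]@{ SamAccountName = 'dave';  Enabled = $false; lastLogonTimestamp = $now.AddDays(-200).ToFileTime() }
)
$report = $sample | Get-StaleUserReport -Days 60 -Now $now
$report.Accounts | Format-Table -AutoSize
"Enabled accounts inactive for 60+ days: $($report.Count)"

# Against a directory (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties lastLogonTimestamp | Get-StaleUserReport
```

`lastLogonTimestamp` is replicated between domain controllers but is only refreshed at intervals (by default it can lag by up to about 14 days), so treat the cutoff as approximate before disabling anything on the strength of this list.
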