locked
search inactive user for more than one year but less than 2 RRS feed

  • Question

  •  Hi,

    I need to list AD users that are inactive for more than one year but less than 2 using powershell


    I already try this but it doesn't work

    $Date180 = (Get-Date).adddays(-180)
    $Date365 = (Get-Date).adddays(-365)
    $Date730 = (Get-Date).adddays(-730)
    $searchbasetest = "OU=User,DC=random,DC=toto,DC=JC,DC=CA

    GET-ADUSER -filter * -SearchBase $searchbasetest | where {($_.lastlogondate -ge $date365) -AND ($_.lastlogondate -le $date730)}  | select SAMaccountname | export-csv c:\test.txt

    I need to do that because I have 3 separate OU where I want to move them.

    OU 6 months = disable account

    OU 1 year = I move user home directory to another place

    OU 2 years = remove user to all group

    Any idea


    thank you



    • Edited by PS1Starter Tuesday, July 10, 2018 5:59 PM
    Tuesday, July 10, 2018 5:37 PM

Answers

  • Help Search-AdAccount -online

    Get-AdUser -Filter * -Properties LastLogonDate |
         where{
               $_.LastLogonDate -and 
               $_.LastLogonDate -lt [datetime]::Today.AddYears(-1) -and 
               $_.LastLogonDate -gt [datetime]::Today.AddYears(-2)
         }


    \_(ツ)_/




    • Edited by jrv Tuesday, July 10, 2018 5:56 PM
    • Marked as answer by PS1Starter Wednesday, July 11, 2018 11:46 AM
    Tuesday, July 10, 2018 5:41 PM

All replies

  • Help Search-AdAccount -online

    Get-AdUser -Filter * -Properties LastLogonDate |
         where{
               $_.LastLogonDate -and 
               $_.LastLogonDate -lt [datetime]::Today.AddYears(-1) -and 
               $_.LastLogonDate -gt [datetime]::Today.AddYears(-2)
         }


    \_(ツ)_/




    • Edited by jrv Tuesday, July 10, 2018 5:56 PM
    • Marked as answer by PS1Starter Wednesday, July 11, 2018 11:46 AM
    Tuesday, July 10, 2018 5:41 PM
  • You don't say how the script doesn't work, or how $date365 and $date730 are computed. But both should be PowerShell dates, probably derived from Get-Date. The basic problem is that lastLogonDate is not a default property, so it is not retrieved. Specify it with the -Properties parameter.

    Edit: Also, rather than pipe all users to the Where, filter on the lastLogonDate property before the pipe. Then you don't need to use -Properties, as sAMAccountName is a default property. Your Where clause should work with -Filter, if $date365 and $date730 are valid.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Tuesday, July 10, 2018 5:45 PM
  • Hi Richard,

    you are right, I was missing some informations. I add them in the post

    $Date180 = (Get-Date).adddays(-180)
    $Date365 = (Get-Date).adddays(-365)
    $Date730 = (Get-Date).adddays(-730)
    $searchbasetest = "OU=User,DC=random,DC=toto,DC=JC,DC=CA

    GET-ADUSER -filter * -SearchBase $searchbasetest | where {($_.lastlogondate -ge $date365) -AND ($_.lastlogondate -le $date730)}  | select SAMaccountname | export-csv c:\test.txt

    I need to do that because I have 3 separate OU where I want to move them.

    OU 6 months = disable account

    OU 1 year = I move user home directory to another place

    OU 2 years = remove user to all group

    thank you for your reply

    Tuesday, July 10, 2018 6:09 PM
  • As I noted, I would suggest you filter before the pipe, rather than use a Where clause. This retrieves a smaller resultset, and does not require using the -Properties parameter to retrieve the LastLogonDate property.

    Get-ADUser -Filter {(LastLogonDate -ge $Date365) -And (LastLogonDate -le $Date730)} -SearchBase $SearchBaseTest | select sAMAccountName | Export-Csv -Path c:\test.txt -NoTypeInformation


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, July 10, 2018 7:46 PM