Powershell that disables Active Directory Users that have not logged on for x number of days

  • Question

  • Does anyone know a PowerShell command line that will disable an AD user that has not logged on for x amount of days? I'm not looking for a script, but if you know of a command for PShell that can do this, please let me know :)

    Thank you :)

    Wednesday, October 9, 2013 3:04 AM

Answers

  • Hi,

    This assumes you have the AD module available and loaded. If you're not running PowerShell 3.0, you'll need to import the module first (Import-Module ActiveDirectory).

    This will find every user who hasn't logged on in 10 days and disable the account. Remove -WhatIf if you're happy with the list of accounts that would be disabled and run the command again.

    Search-ADAccount -AccountInactive -TimeSpan ([timespan]10d) -UsersOnly | Set-ADUser -Enabled $false -WhatIf

    You may want to target this command to a single OU. If so, use the -SearchBase parameter of Search-ADAccount. Here's a link to the syntax:

    http://ss64.com/ps/search-adaccount.html

    I highly recommend using SearchBase to run this against a smaller set of accounts. 10 days is a pretty small window to be using, so you'll probably find more accounts being returned than you're expecting.


    Don't retire TechNet! - (Maybe there's still a chance for hope, over 12,110+ strong and growing)


    Wednesday, October 9, 2013 3:32 AM
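
    The answer's command scoped to one OU with -SearchBase and split into a review step and a dry run, as an added example that is not part of the original answer. The OU path, the 90-day window and the CSV path are assumed placeholder values.

```powershell
# Added example: review-then-disable workflow for inactive users in one OU.
# The three values below are assumptions; change them for your domain.
Import-Module ActiveDirectory

$SearchBase = 'OU=Staff,DC=example,DC=com'   # hypothetical OU
$Days       = 90                             # inactivity window (assumed)
$Report     = '.\inactive-users.csv'         # review file (assumed path)

# -AccountInactive is evaluated against lastLogonTimestamp, which can lag the
# real last logon by up to 14 days with default settings, so a short window
# returns accounts that are still in use.
$candidates = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $Days) `
                  -UsersOnly -SearchBase $SearchBase |
              Where-Object { $_.Enabled }    # skip accounts that are already disabled

# Write the full candidate list to a file so it can be reviewed first.
$candidates |
    Sort-Object LastLogonDate |
    Select-Object SamAccountName, LastLogonDate, DistinguishedName |
    Export-Csv -Path $Report -NoTypeInformation

# LastLogonDate is empty for an account with no recorded logon. Keep those
# out of the disable set so a newly created account is not disabled by mistake.
$stale = @($candidates | Where-Object { $_.LastLogonDate })
$never = @($candidates | Where-Object { -not $_.LastLogonDate })

Write-Host ("{0} stale, {1} with no recorded logon (left enabled). Review {2}" -f `
            $stale.Count, $never.Count, $Report)

# Dry run: prints what would be disabled. Remove -WhatIf only after the CSV
# has been checked.
$stale | Disable-ADAccount -WhatIf
```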

All replies