locked
Powershell unused Service Account in AD RRS feed

  • Question

  • I have five domain controller that i need to powershell against, essentially i need to clean up service accounts (user accounts) to determine what can be safely deleted, and query the following into a CSV:

    CN,samaccountname,displayName,lastLogon,lastLogonTimestamp,mail or target address

    My service accounts live in the following OU's:

    OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=POC,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=Sharepoint Dev,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=Sharepoint Prd,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=EPC Sandbox,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=IS OnCall,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=EPC Dev,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=EPC Prd,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=MobileIron Accounts,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com
    OU=DEV,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com

    OU=Azure Service Accounts,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com

    So far i have this but it isn't reporting on "lastlogon", or "displayname". Really need some help please!

    Get-ADUser -Filter * -SearchBase "OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com" -ResultPageSize 0 -Prop CN,samaccountname,displayName,lastLogon,lastLogonTimestamp | Export-CSV C:\SSGServiceAccounts\Users.csv -NoType 

    Tuesday, October 16, 2018 3:19 PM

All replies

  • What is your question?

    Please post code correctly using the code posting tool provided.


    \_(ツ)_/


    • Edited by jrv Tuesday, October 16, 2018 3:26 PM
    Tuesday, October 16, 2018 3:26 PM
  • How can I powershell what I previously listed and target certain OU's and export to a csv to achieve cleanup of service accounts please.
    Tuesday, October 16, 2018 3:54 PM
  • Query your OUs in a loop.


    \_(ツ)_/

    Tuesday, October 16, 2018 6:27 PM
  • Hi,

    Thanks for your question.

    1. You need to store your OU information in the CSV file.

    2. Use foreach loop statement to serach your OU in a loop.

    $ous=Import-Csv -path OU.CSV 
    ForEach($ou in $ous){
    Get-ADUser -Filter * -SearchBase $ou -ResultPageSize 0 -Properties *| Select-Object -Property CN,samaccountname,displayName,lastLogon,lastLogonTimestamp,EmailAddress | Export-CSV C:\SSGServiceAccounts\Users.csv -NoType 
    }

    Best Regards,

    Lee


    Just do it.

    Wednesday, October 17, 2018 3:00 AM
  • While a CSV will work it is unnecessary.  Just use an array.  Also your use of a CSV would not work.  Look carefully at the use of the "foreach" loop and its dereferencing in the command.

    $ouList = @(
        'OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com',
        'OU=POC,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com',
        'OU=Sharepoint Dev,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com',
        'OU=Sharepoint Prd,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com', 
        'OU=EPC Sandbox,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com', 
        'OU=IS OnCall,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com', 
        'OU=EPC Dev,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com', 
        'OU=EPC Prd,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com', 
        'OU=MobileIron Accounts,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com', 
        'OU=DEV,OU=Service Accounts,OU=SSG,DC=ssg,DC=domainname,DC=com'
    )


    \_(ツ)_/


    • Edited by jrv Wednesday, October 17, 2018 3:08 AM
    Wednesday, October 17, 2018 3:06 AM
  • Hi,

    Thank you.

    It's a good idea.

    Best Regards,

    Lee


    Just do it.

    Wednesday, October 17, 2018 3:09 AM
  • Lee,

    Lee,If the OU changes frequently then a CSV or just a plain text file would be better.

    Jut remember ;) a CSV field needs to be dereferenced so fix your example so others will not get confused.


    \_(ツ)_/

    Wednesday, October 17, 2018 3:19 AM