PowerShell How To: Find all users where account is inactive

I was recently asked asked to find all the users in Active Directory where their account was inactive.

There is a PowerShell commandlet called Search-ADAccount that you can use to find if the account is inactive by using the parameter -AccountInactive.

This is kind of crude but works well. I couldn’t figure out how to get the headers into the csv so I simply did a write-output for the first section.

#######################
# Ed Rockwell
# Free to use
# Version 1.0
# 8/7/2017
#######################
$time = 90 # Days since last login
$users = Search-ADAccount -AccountInactive -UsersOnly -TimeSpan $time # Get all users within that timeframe with AccountInactive Property greater than $time
$path = "C:\Powershell\AccountInactive" # Where to write file

#File Name
new-item $path\users.csv -Force

# Set the header of csv (Change this if you add to the write-output below)
write-output "$("SamAccountName"),$("Enabled"),$("PasswordExpired"),$("LastLogonDate"),$("OU Location")"  | add-content -path $path"\users.csv"

# Find users 
foreach ($user in $users) 
    {
        If ($user.DistinguishedName -notmatch 'OU=Disabled Users' -and $user.DistinguishedName -notmatch 'OU=Service Accounts' -and $user.DistinguishedName -notmatch 'CN=Microsoft Exchange System Objects')
            {
                $DN = $user.distinguishedname -split ',' 
                $container = $DN[1]
                write-output "$($user.SamAccountName),$($user.Enabled),$($user.PasswordExpired),$($user.LastLogonDate),$($container)" | add-content -path $path"\users.csv"
            }
    }

Leave a Reply

Your email address will not be published. Required fields are marked *