How to manage inactive Active Directory user accounts

Over time, an organization's Active Directory (AD) network can start accumulating inactive user accounts. These accounts can be of employees who may have left the organization, temporary accounts, etc. The problem here is that these inactive AD accounts are easier targets for attackers as these accounts aren't monitored and have passwords that may not have been changed for a long time. So, if you want to take action on such inactive accounts, you will first need to have a list of all such inactive accounts in your AD network. This can be achieved using a simple PowerShell script.

 

The following script, when run against an AD domain, will generate a report of all the inactive accounts in the network.

1. PS C:\> Import-module activedirectory
   
2. 
   
3. $DaysInactive = 30
   
4. $time = (Get-Date).Adddays(-($DaysInactive))
   
5. Get-ADUser -Filter {LastLogonTimeStamp -gt $time -and enabled -eq $true}
   
6. -Properties LastLogonTimeStamp | select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_hh:mm:ss')}} | export-csv C:\Scripts\activeusers.csv -notypeinformation
   

• Related Articles

• Automating Active Directory user creation

  Creating a single Active Directory (AD) account is a simple task. However, in an organization, the number of AD user accounts an administrator would have to create can rise drastically, making the simple task cumbersome. This is where the process of ...

• How to get memberships of the Active Directory user using PowerShell

  One of the essential parts of Active Directory administration is to manage user memberships in Active Directory. There may be times when the membership of a specific user need to be identified. In this article, we will explain how to use PowerShell ...

• PowerShell for AD user reports

  Real-time insights on user account status and activity can help AD  administrators manage accounts better. Many administrators use Microsoft's PowerShell scripts to generate Active Directory reports  and pull detailed information. Below are some ...

• How to create and manage Microsoft 365 groups with PowerShell

  Introduction: Microsoft 365 Groups is a collaboration feature that allows users to work together and share resources such as calendars, files, and email messages. Microsoft 365 Groups can be created and managed using the Microsoft 365 admin center, ...

• How to Get and Set properties of the Active Directory user using PowerShell

  In this article, we will discuss how to get and set properties of an Active Directory user using PowerShell. Here’s how to get User Properties To get user properties from Active Directory, Get-ADUser cmdlet can be used. Here is an example of how to ...