PowerShell.com
Forums » Using PowerShell » Active Directory » Powershell Disabled Accounts based on last log on time

Powershell Disabled Accounts based on last log on time

rated by 0 users
This post has 4 Replies | 1 Follower

Top 10 Contributor
Posts 211
Top Contributor
Reply
Krishna Posted: 01-26-2010 2:59 AM

We need to clean up users in Active Directory.. One simple step to clean up AD Accounts is to check for the last logon times. If its older then 90 days then disabled the account and move it to the disabled OU

Get-QADUser -Sizelimit 0 |?{ $_.LastLogonTimestamp -lt (get-date).AddDays(-90)} | Select UserPrincipalName | export-Csv "C:\details.csv" 
$csv = Import-csv -path "C:\details.csv" 
foreach($user in $csv) 

Move-QADObject $User -NewParentContainer "domain.com/Disabled Accounts"
Disable-QADUser $user 
}

Regards,
Krishna
http://smtpport25.wordpress.com

Top 500 Contributor
Posts 4
Reply
Xenophane replied on 01-26-2010 3:25 AM

You are missing a "-" in front of Sizelimit

Top 500 Contributor
Posts 4
Reply
Xenophane replied on 01-26-2010 3:31 AM

Another thing, are you sure you mean -gt and not -le ?Smile

Top 10 Contributor
Posts 211
Top Contributor
Reply
Krishna replied on 01-26-2010 3:37 AM

Yep, Thanks..

Top 10 Contributor
Posts 211
Top Contributor
Reply
Krishna replied on 01-26-2010 3:44 AM

Corrected the same, Thanks

Krishna

Page 1 of 1 (5 items) | RSS
Concentrated Tech NSoftware Dell Compellent Sponsored by Idera and Concentrated Tech and NSoftware and Dell Compellent
Copyright 2011 PowerShell.com. All rights reserved.