i found a neat cmdlet that can retrieve inactive, disabled, expired or expiring active directory accounts;
full details about the command can be found on technet;
pay attention to the "-TimeSpan" argument - if you do not use the correct /accepted formatting the search will return wrong objects;
Search-ADAccount -AccountInactive -UsersOnly -SearchBase 'OU=Users,DC=domain,DC=intra' -TimeSpan 90.00:00:00.0 | Select-Object name, lastlogondate
No comments:
Post a Comment