Powershell Listing inactive accounts

Question

I am trying to list all accounts that have not been logged into outside of 6 months.

This is my first time really using powershell and I am simply editing other people's scripts at this point to fit my own needs.

I want to separate the search into two lists : computers only and users only.

Code for computers outside six months.

Search-ADAccount -accountinactive -computersonly | where {$_.lastlogondate -lt (get-date).addmonths(-6)} | FT Name,LastLogonDate

Code for users outside six months.

Search-ADAccount -accountinactive -usersonly | where {$_.lastlogondate -lt (get-date).addmonths(-6)} | FT Name,LastLogonDate

However, these are not working and are just spitting out all accounts. I have also noticed changing the -6 to any number really has no effect. Suggestions?

score 2 · Answer 1 · answered Nov 21 '13 at 09:43

Have a look here for Tracking the inactive users by categories(logon status,disabled users,password expired users,acc expired users,neverloggedon users,deleted users,etc)

http://www.adsysnet.com/asn-active-directory-inactive-account-tracker-features.aspx

JPBlanc · Accepted Answer · 2012-05-03T20:28:28.827

1

Your test is OK (it's working in my AD) the only thing is that you have to eliminate the objects where $_.lastlogondate is null.

try :

Search-ADAccount -accountinactive -usersonly  | where {! ($_.lastlogondate -lt (get-date).addMonths(-6))} | ft Name,lastlogondate

Edited :

Because the lastLogon attribute is not replicated in Active Directory, a different value can be stored in the copy of Active Directory on each Domain Controller. One solution is to loop over all domains controlers to build a list such users. But I'am quite sure there is an other solution !

edited May 03 '12 at 20:28

answered May 03 '12 at 20:21

JPBlanc

70,406
17
130
175

Seems as if ALL of my lastlogindates are null. Any idea why that is the case? – Zac Borders May 03 '12 at 20:25

score 0 · Answer 3 · answered May 03 '12 at 20:01

0

I believe you need to pass a date or a timespan along with the -AccountInactive switch. Doing should make your custom filter unnecessary, so try something like this (untested):

Search-ADAccount -accountinactive -datetime (get-date).AddMonths(-6) -computersonly | ft Name,LastLogonDate
Search-ADAccount -accountinactive -datetime (get-date).AddMonths(-6) -userssonly | ft Name,LastLogonDate

answered May 03 '12 at 20:01

goric

11,491
7
53
69

I am having the same issue with your script as mine. I can change the 6 to anything and still doesn't affect the script. And in the list it is giving me computers/users that I know for a fact are used on a daily basis. – Zac Borders May 03 '12 at 20:09
Try with a hardcoded date, omitting the -useronly parameter, and without the filter, just to see what happens? `Search-ADAccount -accountinactive -datetime "11/3/2011"` – goric May 03 '12 at 20:19

score 0 · Answer 4 · answered May 03 '12 at 20:04

0

$sixMonths = (Get-Date).AddMonths(-6)
Search-ADAccount -accountinactive -usersonly -datetime "$sixMonths"

answered May 03 '12 at 20:04

David Brabant

41,623
16
83
111

Same goes for this script, I am getting a huge list that isn't actually confined by the last logged in time. – Zac Borders May 03 '12 at 20:12
Have you seen this? http://www.windowsitpro.com/article/windows-power-tools/searchadaccount-missing-15-days-141849 – David Brabant May 03 '12 at 20:17

Powershell Listing inactive accounts

4 Answers4