list of all disabeled users in active directory

Hi,

 I need last month or last 30 days disabled users list with name, samaccount, email, diplayname ,description and when was disabled or modified

I would like to run it in active directory as query or in power shell.

If you can provide me with step by step instructions as I am new in PS

Thank you in advance
RabihhajIT HelpDeskAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vaseem MohammedCommented:
Display required info in PS console.
Get-ADUser -Filter * -Properties * | where{ $_.modified -gt ((get-date).AddMonths(-1)) -and $_.enabled -like "False"} | select Name, SAMAccountname, EmailAddress, DisplayName, Description, Enabled, WhenCreated, Modified | FT

Open in new window

To export it to .CSV file
Get-ADUser -Filter * -Properties * | where{ $_.modified -gt ((get-date).AddMonths(-1)) -and $_.enabled -like "False"} | select Name, SAMAccountname, EmailAddress, DisplayName, Description, Enabled, WhenCreated, Modified | Export-Csv -Path i:\Disabled-Users.csv -NoTypeInformation

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
You can use the following below to achieve this...
import-module activedirectory
$date = get-date
Get-ADuser -Filter * -Properties name, samaccountname, emailaddress, displayname, description, Enabled, whenChanged |
? { $_.whenChanged -gt $date.adddays(-31) -and $_.Enabled -eq $false } |
Select name, samaccountname, emailaddress, displayname, description, Enabled, whenChanged |
Export-csv "c:\filename.csv" -nti

Open in new window


This will export the results to a CSV called filename.csv unless you modify this.

Will.
RabihhajIT HelpDeskAuthor Commented:
I will run it and let you know, how long will take to get the report. Does it effect our network performance.

How about if I want to run it on on OU.
Please advise

Thank you in advance
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

RabihhajIT HelpDeskAuthor Commented:
Hi Guys,
I have ran both scripts and both of them did not give me when the user was disabled (Disabled date )

it gave me whenChanged , which is not I need please .
can I get an email address in with this report too please

Thanks
Rabih
Vaseem MohammedCommented:
Email address field is already mentioned in script. If user is mail enabled u will get it in results.
There is no such property like disabled date as far as I know, modified date reflect any kind of modifications.
RabihhajIT HelpDeskAuthor Commented:
Thank you email address is in the script.

how do I know when is the user was disabled , can we run it on the AD user Account not the mailbox .

because we do not disable mailbox , only disable active directory account .

please advise
Will SzymkowskiSenior Solution ArchitectCommented:
how do I know when is the user was disabled , can we run it on the AD user Account not the mailbox .
The ONLY way to achieve what you have asked above is to have Active Directory Auditing Enabled on the Default Domain Controller Policy. Any changes that are made to an account will get logged on the DC where the change "at the time" happened.

Aside from that you will not be able to get the exact Date the users was disabled unless you have Auditing configured. You will also have a hard time doing this going through the Security Logs if you have several DC's because this change could have happened on any DC in your domain, so you would have to reference the Security Logs on all of the DC's (potentially).

If this is what you are after then having a 3rd party product which will collect the logs from the DC's and then present them in a "easy to read" fashion (web gui), is what you will want to implement.

I would recommend Active Directory Auditing by Lepide Software. Free trail available.
http://www.lepide.com/lepideauditor/active-directory.html


Configure Auditing Step-by-Step
https://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Just remember that if you do not have auditing enabled currently you will only be able to auditing change after that auditing policy has been enabled.

Will.
RabihhajIT HelpDeskAuthor Commented:
Thank you very much for the resolution and explanation ,

both of you were helpful

last question , if I want to add on the script the following :
what OU is seating at and if I want to run it on a one OU

please advise

thanks
rabih
Vaseem MohammedCommented:
Use -SearchBase to target Specific OU. specify the OU with its DN.
Get-ADUser -SearchBase 'OU=OrgUnit,DC=domain,DC=com' -filter * -Properties * | where{ $_.modified -gt ((get-date).AddMonths(-1)) -and $_.enabled -like "False"} | select Name, SAMAccountname,@{N="OU";E={$_.canonicalName.Tostring().split('/')[-2]}}, EmailAddress, DisplayName, Description, Enabled, WhenCreated, Modified | Export-Csv -Path i:\Disabled-Users.csv -NoTypeInformation

Open in new window

RabihhajIT HelpDeskAuthor Commented:
Could you please give me example :)
Vaseem MohammedCommented:
example of what?
Run the given script and check what results you get.
Vaseem MohammedCommented:
Example
RabihhajIT HelpDeskAuthor Commented:
Thanks muhammad. Did not see your script -SearchBase 'OU=OrgUnit,DC=domain,DC=com'

Thank you for your help
RabihhajIT HelpDeskAuthor Commented:
excellent help
Will SzymkowskiSenior Solution ArchitectCommented:
Why such a low grade?

Will.
RabihhajIT HelpDeskAuthor Commented:
Hi Will ,

I used Vaseen script  as his  script outcome  more  columns

I gave you 200 in total is that low . I am new and not sure how the Grade exactly work

thanks
Will SzymkowskiSenior Solution ArchitectCommented:
That is fine how you award the points but you gave us a C grade?

Will.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.