Link to home
Start Free TrialLog in
Avatar of Rammy Charles
Rammy CharlesFlag for United States of America

asked on

PS script for report of accounts havent logged in for a long time

Is there a powershell script that can run a report against active directory to seek and find accounts who havent logged into the forest in a long time?
Avatar of Amit
Amit
Flag of India image

You can check last long time for user using PS. Check this Script:
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-user-246f17c7

Test it.
ASKER CERTIFIED SOLUTION
Avatar of austin minor
austin minor

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Rammy Charles

ASKER

austin that is what i wanted. do you oknow if i can add filters to not show some accounts on the report and also how can i sort by lastlogontimestamp?
Avatar of Jeremy Weisinger
Jeremy Weisinger

You filter the results by using Where-Object (aka ?). So if you have a list of users you could match the current name against it.
And sorting is easy enough. Sort-Object <property name>.  Putting it together is something like this:
$userfilter = Get-Content C:\filterlist.txt
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 90 | ?{$_.enabled -eq $True} | Get-ADUser -Properties Name, EmailAddress, Department, Description, lastLogonTimestamp | ?{$userfilter -notmatch $_.SamAccountName} | Select Name, EmailAddress, Department, Description,@{n='lastLogonTimestamp';e={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | sort lastlogontimestamp | Export-Csv D:\temp\testfunytest.csv

Open in new window

Note the additions of
$userfilter = Get-Content C:\filterlist.txt
?{$userfilter -notmatch $_.SamAccountName}
sort lastlogontimestamp

Be sure to edit for your environment.