AD-OldUsers.ps1
|
<#PSScriptInfo .VERSION 0.2 .GUID 233d33ae-f817-46b7-9c00-86c07fab06af .AUTHOR anisio@ja.eti.br .COMPANYNAME www.ja.eti.br .COPYRIGHT .TAGS .LICENSEURI .PROJECTURI .ICONURI .EXTERNALMODULEDEPENDENCIES RSAT-ADDS-Tools .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES Only to test versioning .PRIVATEDATA #> <# .DESCRIPTION Disable incative users objects of AD #> Param( # How many idle days to be evaluated. Use Subtraction symbol, like "-90" [Parameter(Mandatory=$false)][string]$IdleDays ) if ($IdleDays) {} else { $IdleDays = "-" + (Get-ItemPropertyValue -Path HKLM:\SOFTWARE\JA\KA-01033 -Name IdleDays) } $Date = [DateTime]::Today.AddDays($IdleDays) $AlwaysEnabled = (Get-ItemPropertyValue -Path HKLM:\SOFTWARE\JA\KA-01033 -Name AlwaysEnabled) $WrkDir = ("C:\JA\KA-01033\") if ([IO.Directory]::Exists($WrkDir)) {} else { mkdir "$WrkDir" -ErrorAction Stop } Set-Location -Path "$WrkDir" get-date | Out-File -FilePath ("KA-01033"+(Get-Date -Format yyyyMMdd).ToString()+".log") -Append ForEach ($IdleUser in Get-ADUser -Filter 'LastLogonDate -le $Date -and Enabled -eq "True"') { if ($IdleUser.SamAccountName.ToString() -in $AlwaysEnabled) {} else { Disable-ADAccount $IdleUser -Verbose $IdleUser.SamAccountName.ToString() | Out-File -FilePath ("KA-01033"+(Get-Date -Format yyyyMMdd).ToString()+".log") -Append } } |