Public/Get-OHStaleAccount.ps1

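function Get-OHStaleAccount{

  # .ExternalHelp ADTools-help.xml

    [CmdletBinding(DefaultParameterSetName='Parameter Set 1', 
    SupportsShouldProcess=$false, 
    PositionalBinding=$false,
    HelpUri = 'https://github.com/ozthe2/ADTools/blob/master/Docs/Get-OHStaleAccount.md',
    ConfirmImpact='Medium')]

    Param(            
        [Parameter(Mandatory=$true,
        HelpMessage="Enter the FQDN of the OU that you wish to search eg 'ou=MyOU,ou=MySubOU,dc=MyCompany,dc=Com'",
        ValueFromPipeline=$false,
        ValueFromPipelineByPropertyName=$false, 
        Position=0)]
        [string]
        $OU,

        [Parameter(Mandatory=$false,
        HelpMessage="The number of days, since today, that the account has not logged in to AD. eg 15",
        ValueFromPipeline=$false,
        ValueFromPipelineByPropertyName=$false, 
        Position=1)]
        [ValidateRange(0,365000)]
        [int]
        $DaysInactive=30,

        [Parameter(Mandatory=$false,
        HelpMessage="Enter either Computer or User depending on if you wish to search against computer or user accounts.",
        ValueFromPipeline=$false,
        ValueFromPipelineByPropertyName=$false, 
        Position=2)]
        [ValidateSet("Computer", "User")]
        [string]
        $Object = 'User',

        [Parameter(Mandatory=$false,
        HelpMessage="The results will be only from accounts that are enabled, only accounts that are disabled, or both enabled and disabled accounts. Type enabled, disabled or both.",
        ValueFromPipeline=$false,
        ValueFromPipelineByPropertyName=$false, 
        Position=3)]
        [ValidateSet("Both", "Enabled", "Disabled")]
        [string]
        $Scope = 'Enabled',
        
        [parameter(Mandatory=$false)]
        [Switch]
        $DoNotSearchRecursively       
    )

    begin {
        # Purpose: report user or computer accounts under -OU whose LastLogonDate is
        # older than -DaysInactive days. The function only queries the directory; it
        # does not disable, move or delete anything.
        #
        # Interpretation caveats for anyone acting on the report:
        #  * LastLogonDate is the ActiveDirectory module's view of lastLogonTimestamp.
        #    By default AD refreshes that attribute only when the stored value is
        #    roughly 9-14 days old, so a -DaysInactive threshold below about 14 can
        #    flag accounts that are in active use.
        #  * Accounts that have never logged on carry no LastLogonDate and are not
        #    matched by the -lt comparison used below, so they do not appear here.
        #    Review them separately (for example by creation date).
        if (!(Get-Module -ListAvailable -Name ActiveDirectory)) {
            throw "Module: ActiveDirectory not found. Please ensure that the ActiveDirectory module is installed on this system."
        }

        # One reference timestamp, so the cutoff and every DaysInactive value in the
        # output are measured from the same instant.
        $now  = Get-Date
        $time = $now.AddDays(-($DaysInactive))
    }

    process {
        # -DoNotSearchRecursively limits the search to direct children of the OU.
        $searchScope = if ($DoNotSearchRecursively) { 'OneLevel' } else { 'Subtree' }

        # One filter per -Scope value. The script blocks are handed to the AD cmdlet
        # unchanged, exactly as the inline -Filter {...} form would be; the cmdlet
        # resolves $time itself when it parses the filter.
        $filterByScope = @{
            'Enabled'  = {LastLogonDate -lt $time -and Enabled -eq $true}
            'Disabled' = {LastLogonDate -lt $time -and Enabled -eq $false}
            'Both'     = {LastLogonDate -lt $time}
        }

        # Arguments shared by the user and the computer query.
        $query = @{
            Filter         = $filterByScope[$Scope]
            SearchBase     = $OU
            SearchScope    = $searchScope
            ResultPageSize = 2000
            ResultSetSize  = $null   # $null = no cap on the number of results
        }

        if ($Object -eq 'Computer') {
            # OperatingSystem is only reported for computer accounts.
            $Result = Get-ADComputer @query -Properties Name, SamAccountName, DistinguishedName, LastLogonDate, OperatingSystem
        } else {
            $Result = Get-ADUser @query -Properties Name, SamAccountName, DistinguishedName, LastLogonDate
        }

        foreach ($Item in $Result) {
            if ($Item.ObjectClass -eq 'Computer') {
                $obj = [PSCustomObject]@{
                    Name              = $Item.Name
                    DistinguishedName = $Item.DistinguishedName
                    SamAccountName    = $Item.SamAccountName
                    LastLogonDate     = $Item.LastLogonDate
                    DaysInactive      = (New-TimeSpan -Start $Item.LastLogonDate -End $now).Days
                    Enabled           = $Item.Enabled
                    OperatingSystem   = $Item.OperatingSystem
                }
            } else {
                $obj = [PSCustomObject]@{
                    Name              = $Item.Name
                    DistinguishedName = $Item.DistinguishedName
                    SamAccountName    = $Item.SamAccountName
                    UserPrincipalName = $Item.UserPrincipalName
                    LastLogonDate     = $Item.LastLogonDate
                    DaysInactive      = (New-TimeSpan -Start $Item.LastLogonDate -End $now).Days
                    Enabled           = $Item.Enabled
                }
            }

            # Custom type name inserted first in the object's type-name list.
            $obj.psobject.TypeNames.Insert(0, 'OH.ADTools.OHStaleAccounts')
            $obj
        }
    }

    end {}
}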