StaleHosts

1.0.1

StaleHosts.psm1

                                <#

.Synopsis

This module can be used to find stale objects in Active Directory, such as inactive computer or user accounts and empty security groups.

By default, this script will search for objects that have been inactive for a year (365 days).

Written by vasken@ucr.edu

.Description

Get-StaleHosts is a wrapper around the search-adaccount,get-adgroup, and get-aduser cmdlets.  It will print users and/or computers that have not logged in

for a specified time (defined by the TimeFrame parameter)

.Parameter ADObjectType

This mandatory parameter represents the Active Directory object type to search for. It must be either 'Computer' or 'User'

.Parameter TimeFrame

This optional parameter represents the number of days the account has been inactive for, and must be an integer between 1 and 999.

.Example

Get-StaleHosts -ADObjectType Computer 

.Example

Get-StaleHosts -ADObjectType Computer -TimeFrame 45

.Example

Get-StaleHosts -ADObjectType User

.Example

Get-StaleHosts -ADObjectType User -TimeFrame 700

.Example

Get-StaleHosts -ADObjectType Group

#>

function Get-StaleHosts

{

    [CmdletBinding()]

    param(

        [Parameter(Mandatory=$true)]

        [ValidateSet('User','Computer', 'Group')]

        [string[]]$ADObjectType = "Computer",

        [ValidateLength(1,3)]

        [String]$TimeFrame = "365",

        [Switch]$ErrorLog,

        [String]$LogFile ='c:\Get-StaleHosts_errors.txt'

        )

    begin 

        {

            switch ($ADObjectType)

             {

               "Computer" {Get-StaleComps($TimeFrame)}

               "User" {Get-StaleUsers($TimeFrame)}

               "Group" {Get-EmptyADGroups}

               default {exit}

             }

        }

    process{}

    end{}

}

function Get-StaleComps

{

    ${stale comps} = $(Search-ADAccount -accountinactive -computersonly -timespan $args[0]  | Sort-Object lastlogondate)

    foreach ($e in ${stale comps})

        {

            Write-Host  -foregroundcolor white -backgroundcolor darkcyan    -nonewline "Last login:  " $e.LastLogonDate"`t"

            Write-Host  -foregroundcolor white  -backgroundcolor blue -nonewline "  "$e.name"   "

            if($e.Enabled -eq $false)

                {    

                     Write-Host  -foregroundcolor white -backgroundcolor red   "   Disabled   "

                }

        else{

                             Write-Host " "

        }

          }

}

function Get-StaleUsers

{ 

    $x = (Get-Date).Adddays(-($args[0]))

    ${stale users} = Get-ADUser -Filter {LastLogonTimeStamp -lt $x -and enabled -eq $true} -Properties LastLogonTimeStamp

    foreach ($y in ${stale users})

        {

            Write-Host  -foregroundcolor white -backgroundcolor darkcyan -nonewline "Last login:  " ([DateTime]::FromFiletime([Int64]::Parse($y.LastLogonTimestamp)))"`t"

            Write-Host  -foregroundcolor white  -backgroundcolor blue -nonewline  "   "$y.givenname"`t"

            Write-Host  -foregroundcolor white  -backgroundcolor darkcyan  "   "$y.name"   "

        }

}

function Get-EmptyADGroups

{

Get-ADGroup -filter * | where {-Not ($_ | Get-ADGroupMember -ErrorAction SilentlyContinue )}| Select Name

}