Getting a List of AD Accounts Which Haven’t Been Used Over A Given Period

Identify recently created user accounts that have not been used to access a web service in 14 days. I'm looking to filter on accounts with a blank LastLogonTimeStamp and a whenCreated date more than 14 days in the past, then disable them:

$TargetDate = Get-Date -Date (Get-Date).AddDays(-14)

$SearchBase = "OU=People,DC=my,DC=domain,DC=com"

$Filter = {(whenCreated -lt $TargetDate) -and (-not(lastLogonTimeStamp -like "*"))}

Get-ADUser -Filter $Filter -SearchBase $SearchBase | Disable-ADAccount


The users who haven’t changed their passwords in the last 90 days:

$90_Days = (Get-Date).AddDays(-90)

Get-ADUser -Filter {(PasswordLastSet -le $90_Days)}

To see all users who last logged on before January 1, 2013, you could type:

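# LastLogonDate is not returned by default, so request it with -Properties
Get-ADUser -Filter * -Properties LastLogonDate | Where-Object {$_.LastLogonDate -le "1 January 2013"}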

Find Those Inactive Users and Computers:

PS C:\> Import-Module ActiveDirectory

PS C:\> Get-ADUser -Filter * -Properties PasswordLastSet | Where { $_.PasswordLastSet -lt (Get-Date).AddDays(-365) }

PS C:\> Get-ADUser -Filter * -Properties PasswordLastSet | Where { $_.PasswordLastSet -eq $null }
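
The following function is an added example, not code from the original post: it combines the checks above into one read-only report, so the accounts can be reviewed before anything is disabled. The function name Get-StaleADUser, the Reason labels and the CSV path are assumptions made for illustration; the search base is the one used above.

```powershell
Import-Module ActiveDirectory

function Get-StaleADUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,
        [int] $NeverUsedDays = 14,  # created this long ago, never logged on
        [int] $InactiveDays  = 90   # logon or password older than this
    )
    $createdCutoff  = (Get-Date).AddDays(-$NeverUsedDays)
    $inactiveCutoff = (Get-Date).AddDays(-$InactiveDays)

    # These are not default properties: without -Properties they are $null,
    # and "$null -lt <date>" is true, so every account would look stale.
    $props = 'whenCreated', 'LastLogonDate', 'PasswordLastSet'

    # LastLogonDate is the replicated lastLogonTimestamp, which can lag a real
    # logon by up to about 14 days; keep $InactiveDays well above that.
    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $props |
        ForEach-Object {
            $reason = if (-not $_.LastLogonDate) {
                if ($_.whenCreated -lt $createdCutoff) { 'NeverLoggedOn' }
            } elseif ($_.LastLogonDate -lt $inactiveCutoff) {
                'InactiveLogon'
            } elseif (-not $_.PasswordLastSet) {
                'PasswordNeverSet'
            } elseif ($_.PasswordLastSet -lt $inactiveCutoff) {
                'PasswordOlderThanCutoff'
            }
            if ($reason) {
                [pscustomobject]@{
                    SamAccountName    = $_.SamAccountName
                    Reason            = $reason
                    WhenCreated       = $_.whenCreated
                    LastLogonDate     = $_.LastLogonDate
                    PasswordLastSet   = $_.PasswordLastSet
                    DistinguishedName = $_.DistinguishedName
                }
            }
        }
}

# Review the report first; -WhatIf only prints what Disable-ADAccount would do.
$stale = Get-StaleADUser -SearchBase 'OU=People,DC=my,DC=domain,DC=com'
$stale | Export-Csv -Path .\stale-users.csv -NoTypeInformation
$stale | Where-Object Reason -eq 'NeverLoggedOn' |
    ForEach-Object { Disable-ADAccount -Identity $_.DistinguishedName -WhatIf }
```

Only accounts that are still enabled are reported. Remove -WhatIf once the CSV has been checked.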
