Getting a List of AD Accounts Which Haven’t Been Used Over A Given Period

 Identify recently created user accounts that have not been used to access a web service in 14 days. I’m looking to filter on accounts with a blank LastLogonTimeStamp, and a whenCreated date of -14 days:

$TargetDate = Get-Date -Date (get-date).AddDays(-14)

$SearchBase = “OU=People,DC=my,DC=domain,DC=com”

$Filter = {(whenCreated -lt $TargetDate) -and (-not(lastLogonTimeStamp -like “*”))}

get-ADUser -Filter $Filter -SearchBase $SearchBase | Disable-ADAccount


The users who haven’t changed their passwords in the last 90 days:

$90_Days = (Get-Date).adddays(-90)

Get-ADUser -filter {(passwordlastset -le $90_days)}

To see all users who last logged on before January 1, 2013, you could type:

get-aduser -f * | where {$_.lastlogondate -le “1 January 2013”}

Find Those Inactive Users and Computers:

PS C:\> Import-Module ActiveDirectory

PS C:\> Get-ADUser –filter * | Where { $_.passwordLastSet –lt (Get-Date).AddDays(-365) }

PS C:\> Import-Module ActiveDirectory

PS C:\> Get-ADUser –filter * -prop PasswordLastSet | Where { $_.passwordLastSet –eq $null }

Getting a List of AD Accounts Which Haven’t Been Used Over A Given Period

 Identify recently created user accounts that have not been used to access a web service in 14 days. I’m looking to filter on accounts with a blank LastLogonTimeStamp, and a whenCreated date of -14 days:

$TargetDate = Get-Date -Date (get-date).AddDays(-14)

$SearchBase = “OU=People,DC=my,DC=domain,DC=com”

$Filter = {(whenCreated -lt $TargetDate) -and (-not(lastLogonTimeStamp -like “*”))}

get-ADUser -Filter $Filter -SearchBase $SearchBase | Disable-ADAccount


The users who haven’t changed their passwords in the last 90 days:

$90_Days = (Get-Date).adddays(-90)

Get-ADUser -filter {(passwordlastset -le $90_days)}

To see all users who last logged on before January 1, 2013, you could type:

get-aduser -f * | where {$_.lastlogondate -le “1 January 2013”}

Find Those Inactive Users and Computers:

PS C:\> Import-Module ActiveDirectory

PS C:\> Get-ADUser –filter * | Where { $_.passwordLastSet –lt (Get-Date).AddDays(-365) }

PS C:\> Import-Module ActiveDirectory

PS C:\> Get-ADUser –filter * -prop PasswordLastSet | Where { $_.passwordLastSet –eq $null }