Comments (13)

  1. Anonymous says:

    In my environment to find inactive users and disable them, I use Lepide active directory cleaner(http://www.lepide.com/active-directory-cleaner/ ) that works great for me. It provide the option
    to find-out and locate user accounts that are obsolete or not in use for a long time and take appropriate action further according to your requirement such as (remove, disable or move them to another

    OU).

  2. Anonymous says:

    I have found that when retrieving the User account properties (e.g. "string]$lastLogonInterval = $user.Properties.lastlogontimestamp") the property value is only correctly retrieved if the property name is all lowercase (e.g. "lastlogontimestamp"). Any other case causes a null value to be returned.

    If you look at the property names in ADSI Edit, for example, they are all Camel cased (e.g. "lastLogonTimestamp")

  3. Anonymous says:

    Not sure the signifance, but I noticed that I was unable to execute $account.setinfo() as that method did not exist, after $account.psbase |gm ran, I found that CommitChanges() seemed to be a likely replacement. So in my case, running Windows 7, Powershell v2 and a 2008 domain, $account.psbase.commitchanges() is what locked the disabled property down for me. Additionally this example uses user objects, and in my case i needed to disable computer objects, maybe that's the difference, but either way I felt I should drop this comment, since I based my code off the above script.

    Thanks!

  4. Oleg says:

    If LastLogon (LastLogonTimeStamp) not set, script not analyze this user.

  5. datekho says:

    An example of how to use this might help. I can't even get the script started from the PS command line!

  6. Patton says:

    The term 'which' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the pat

    h is correct and try again.

  7. Eddie says:

    Netwrix inactive users tracker monitors all stale  user accounts, and is offered as freeware. If you’re like me and struggle with scripts, this is a very easy solution that I recommend. Download it from netwrix.com

  8. Jared says:

    Thaks Eddie– I just downloaded the NetWrix tool, and it works very ell. Have you evaluated the enterprise version? We're using the freeware version right now, and I'm wondering if you can tell me how the versions differ.

  9. Eddie says:

    Sorry for the delayed response Jared. Yes, I have evaluated both versions, and there were obviously  a few key  differences that made the enterprise version better than the freeware version. For one, the enterprise version allows automatic disablement or deletion of stale accounts, so there is no need to manually disable them. The enterprise version can also process inactive computer accounts (the freeware version can’t), and it allows for monitoring of inactive accounts in multiple domains/OU’s (the freeware version can only monitor a single domain) .You can see more differences on their site: http://www.netwrix.com/inactive_users_tracker.html

  10. Mahesh says:

    ASN AD Inactive Account Tracker tool helps you to disable/reset/move inactive users/computers ,

    Find here, http://www.adsysnet.com/downloads.aspx

  11. Jeff (Netwrix) says:

    Eddie, Jared thank you for using Netwrix Inactive Users Tracker tool(https://www.netwrix.com/free_tool_for_tracking_of_inactive_users.html)! Eddie has stated all key differences,
    I just want to add that full version Netwrix Inactive Users Tracker is also a part of Netwrix Auditor for Active Directory application –
    https://www.netwrix.com/active_directory_auditing.html.

  12. AD Master says:

    Cleaning up AD should be automated if there is such possibility. Here’s a good example of how it can be done:

    http://www.adaxes.com/tutorials_AutomatingDailyTasks_AutomaticallyDeprovisionInactiveActiveDirectoryUsers.htm