PowerTip: Use PowerShell to Get Inactive Active Directory Accounts


Summary: Use Windows PowerShell to get a report of inactive Active Directory accounts.

Hey, Scripting Guy! QuestionHow can I use Windows PowerShell to get a report of inactive Active Directory accounts?

Hey, Scripting Guy! AnswerThe Search-ADAccount cmdlet has a number of parameters and switches to help identify stale accounts:

      • Search-ADAccount -AccountInactive
      • Search-ADAccount -AccountDisabled
      • Search-ADAccount -AccountExpired

You can also use the -UsersOnly or -ComputersOnly switch to narrow the results:

      • Search-ADAccount -AccountInactive -UsersOnly
      • Search-ADAccount -AccountInactive –ComputersOnly

 

Comments (1)

  1. AllenRich says:

    Excellent, thanks for sharing the information about  Search-ADAccount command to get the report of inactive accounts from active directory. I tested an automated tool named Lepide Active Directory Cleaner (
    http://www.lepide.com/active-directory-cleaner/ ). It’s get the facilitate to find inactive accounts in active directory report and generate report which are based on inactive accounts, real last
    logon details of accounts and move inactive them to another OU.

Skip to main content