PowerShell Script to Disable Inactive Users

Disable users that have been inactive for 90 days.

Have not improved format yet.

Must be run on a DC with Domain Admin rights.

# Get today's date
$date = Get-Date

# Set variable LLTSlimit to today's date minus 90 days
$LLTSlimit = (Get-Date).AddDays(-90).ToFileTimeUtc().ToString()

# Set variable LDAPFilter as an LDAP filter to only find ACTIVE user accounts (userAccountControl piece) that have a lastLogonTimestamp older than 90 days
$LDAPFilter = "(&(objectCategory=Person)(objectClass=User)(lastlogontimestamp<=$LLTSlimit)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# Output the results of the LDAP filter to a txt file for the loop
dsquery * domainroot -filter $LDAPFilter -limit 0 > "D:\scripts\AD Auto Disable\ADUserstoDisable.txt"

# If the query results file is not empty, we will disable some accounts and send an email; otherwise do nothing.
if ($null -ne ($ldapcontent = Get-Content "D:\scripts\AD Auto Disable\ADUserstoDisable.txt"))
{
    # Pre-create file to store query results
    ECHO "Summary of Users Disabled Due To Inactivity" > "D:\scripts\AD Auto Disable\AutoDisableResults.txt"
    ECHO "*--------------------------------------------------------*" >> "D:\scripts\AD Auto Disable\AutoDisableResults.txt"

    # Loop through the users that need to be disabled one at a time
    FOREACH ($f in Get-Content "D:\scripts\AD Auto Disable\ADUserstoDisable.txt")
    {
        # Add the user to be disabled to the txt file to be emailed out.
        $f >> "D:\scripts\AD Auto Disable\AutoDisableResults.txt"

        # Get the old description so it can be appended
        $olddesc = dsget user $f -desc
        $olddesc > "D:\scripts\AD Auto Disable\olddesc.txt"
        $processolddesc = Get-Content "D:\scripts\AD Auto Disable\olddesc.txt"
        $processolddesc = $processolddesc[1]
    }
}
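
The two conditions in the LDAP filter can be checked offline before anything is disabled. This is an added example, not part of the original script; the function names Get-InactivityCutoff and Test-InactiveUser and the sample accounts are constructed for illustration.

```powershell
# Added example: dry run of the 90-day inactivity test against constructed records.
function Get-InactivityCutoff {
    param([int]$Days = 90, [datetime]$Now = (Get-Date))
    # lastLogonTimestamp is a FILETIME: 100-ns intervals since 1601-01-01 UTC
    $Now.AddDays(-$Days).ToFileTimeUtc()
}

function Test-InactiveUser {
    param(
        [Parameter(Mandatory)] $User,          # needs userAccountControl, lastLogonTimestamp
        [Parameter(Mandatory)] [long]$Cutoff
    )
    $ACCOUNTDISABLE = 0x2
    # Same test as (!(userAccountControl:1.2.840.113556.1.4.803:=2)): a bitwise AND on bit 2
    if ($User.userAccountControl -band $ACCOUNTDISABLE) { return 'AlreadyDisabled' }
    # An account that never logged on has no lastLogonTimestamp; the LDAP "<=" test
    # does not match an absent attribute, so the filter above never returns these.
    if ($null -eq $User.lastLogonTimestamp) { return 'NeverLoggedOn' }
    if ([long]$User.lastLogonTimestamp -le $Cutoff) { return 'Inactive' }
    return 'Active'
}

# Constructed sample data with a fixed "now" so the result is reproducible
$now    = [datetime]::new(2024, 6, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
$cutoff = Get-InactivityCutoff -Days 90 -Now $now
$sample = @(
    [pscustomobject]@{ Name = 'alice'; userAccountControl = 512
                       lastLogonTimestamp = $now.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'bob';   userAccountControl = 512
                       lastLogonTimestamp = $now.AddDays(-10).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'carol'; userAccountControl = 514   # 512 + ACCOUNTDISABLE
                       lastLogonTimestamp = $now.AddDays(-400).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'dave';  userAccountControl = 512
                       lastLogonTimestamp = $null }               # never logged on
)

$sample | ForEach-Object {
    [pscustomobject]@{
        Name   = $_.Name
        Result = Test-InactiveUser -User $_ -Cutoff $cutoff
    }
} | Format-Table -AutoSize
```

By default lastLogonTimestamp is only refreshed when the stored value is roughly 9 to 14 days old, so it can lag the real last logon by up to about two weeks; a 90-day threshold leaves room for that lag.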

There is a better version of this script over at vNucleus.com that David wrote:

David recently sold his domain and this link no longer works.  As soon as he republishes his site I’ll update the link.

A newer version can now be found here: http://wp.me/p1VY3A-7R
