Disable Unused Network Accounts Posted onDecember 2, 2013May 12, 2017AuthorMrNetTek <br /> ### User Variables ###</p> <p># Query Options #<br /> $searchRoot = “domain.local/School Users/sub ou” # Where to begin your recursive search – If you use top-level (e.g. “domain.local/”) make sure to have a trailing slash, otherwise do not use a slash (e.g. “domain.local/Users”)<br /> $inactiveDays = 80 # Integer for number of days of inactivity (e.q. 90)<br /> $timeSinceCreation = 80 # Integer for number of “grace” days since the account was created (to prevent disabling of brand new accounts)<br /> $sizeLimit = 0 # How many users do you want returned. 0 = unlimited. Without setting this the default is 1000</p> <p># Email Settings #<br /> $emailAlerts = 1 # Turn e-mail alerts on or off. 0 = off<br /> $fromAddr = “noreply@schho.com” # Enter the FROM address for the e-mail alert<br /> $toAddr = “it@school.com” # Enter the TO address for the e-mail alert<br /> $smtpsrv = “mail.school.com” # Enter the FQDN or IP of a SMTP relay</p> <p># Enable Script #<br /> $enableAction = 1 # Change to 0 if you want to “whatif” this script – It will bypass the actual account disabling (turn e-mail alerts on!)</p> <p>######################</p> <p>Add-PSSnapin “Quest.ActiveRoles.ADManagement”</p> <p>$creationCutoff = (Get-Date).AddDays(-$timeSinceCreation)<br /> $inactiveUsers = @(Get-QADUser -SearchRoot $searchRoot -Enabled -NotMemberof “No Auto Disable” -NotLoggedOnFor $inactiveDays -CreatedBefore $creationCutoff -SizeLimit $sizeLimit | Select-Object Name,SamAccountName,LastLogonTimeStamp,Description | Sort-Object Name)</p> <p>### Disable Accounts ###<br /> $date = Get-Date -format “dd/MM/yyyy”<br /> if ($enableAction -eq 1 -and $inactiveUsers -ne $null){<br /> foreach($user in $inactiveUsers){<br /> Set-QADUser $user.SamAccountName -Description “Inactive account, automatically disabled on $date – $($user.Description)” | Disable-QADUser<br /> }<br /> }<br /> ######</p> <p>### Email Alerts ###<br /> if ($emailAlerts -eq 1 -and $inactiveUsers -ne $null){</p> <p>$date = Get-Date -DisplayHint Date</p> <p>$body = @(”</p> <p><center><br /> “)$i = 0do {<br /> if($i % 2){$body += ”<br /> “;$i++}<br /> else {$body += ”<br /> “;$i++}<br /> }<br /> while ($inactiveUsers[$i] -ne $null)$body += ”<br /> </p><br /> <table width=”50%” border=”1″ cellspacing=”0″ cellpadding=”8″ bgcolor=”black”><br /> </p><br /> <tbody><br /> </p><br /> <tr bgcolor=”white”><br /> </p><br /> <td>Name</td><br /> <p><br /></p><br /> <td>Username</td><br /> <p><br /></p><br /> <td>Last Login</td><br /> <p><br /> </tr><br /> <p><br /></p><br /> <tr><br /> </p><br /> <td>$($inactiveUsers[$i].Name)</td><br /> <p><br /></p><br /> <td>$($inactiveUsers[$i].SamAccountName)</td><br /> <p><br /></p><br /> <td>$($inactiveUsers[$i].LastLogonTimestamp)</td><br /> <p><br /></p><br /> <td>$($inactiveUsers[$i].Name)</td><br /> <p><br /></p><br /> <td>$($inactiveUsers[$i].SamAccountName)</td><br /> <p><br /></p><br /> <td>$($inactiveUsers[$i].LastLogonTimestamp)</td><br /> <p><br /> </tr><br /> <p><br /> </tbody><br /> <p><br /> </table><br /> <p><br /> </p> <p></center>”</p> <p>Send-MailMessage -To $toAddr -From $fromAddr -Subject “Info: $($inactiveUsers.Count) FPHS User Accounts Disabled on $date” -Body “$body” -SmtpServer $smtpsrv -BodyAsHtml<br /> }<br /> ######</p> <p>exit<br /> </code><br /> </pre><br /> <p>
