# Query Options #
$searchRoot = “domain.local/School Users/sub ou” # Where to begin your recursive search – If you use top-level (e.g. “domain.local/”) make sure to have a trailing slash, otherwise do not use a slash (e.g. “domain.local/Users”)
$inactiveDays = 80 # Integer for number of days of inactivity (e.q. 90)
$timeSinceCreation = 80 # Integer for number of “grace” days since the account was created (to prevent disabling of brand new accounts)
$sizeLimit = 0 # How many users do you want returned. 0 = unlimited. Without setting this the default is 1000
# Email Settings #
$emailAlerts = 1 # Turn e-mail alerts on or off. 0 = off
$fromAddr = “noreply@schho.com” # Enter the FROM address for the e-mail alert
$toAddr = “it@school.com” # Enter the TO address for the e-mail alert
$smtpsrv = “mail.school.com” # Enter the FQDN or IP of a SMTP relay
# Enable Script #
$enableAction = 1 # Change to 0 if you want to “whatif” this script – It will bypass the actual account disabling (turn e-mail alerts on!)
######################
Add-PSSnapin “Quest.ActiveRoles.ADManagement”
$creationCutoff = (Get-Date).AddDays(-$timeSinceCreation)
$inactiveUsers = @(Get-QADUser -SearchRoot $searchRoot -Enabled -NotMemberof “No Auto Disable” -NotLoggedOnFor $inactiveDays -CreatedBefore $creationCutoff -SizeLimit $sizeLimit | Select-Object Name,SamAccountName,LastLogonTimeStamp,Description | Sort-Object Name)
### Disable Accounts ###
$date = Get-Date -format “dd/MM/yyyy”
if ($enableAction -eq 1 -and $inactiveUsers -ne $null){
foreach($user in $inactiveUsers){
Set-QADUser $user.SamAccountName -Description “Inactive account, automatically disabled on $date – $($user.Description)” | Disable-QADUser
}
}
######
### Email Alerts ###
if ($emailAlerts -eq 1 -and $inactiveUsers -ne $null){
$date = Get-Date -DisplayHint Date
$body = @(”
<center>
“)$i = 0do {
if($i % 2){$body += ”
“;$i++}
else {$body += ”
“;$i++}
}
while ($inactiveUsers[$i] -ne $null)$body += ”
</p>
<table width=”50%” border=”1″ cellspacing=”0″ cellpadding=”8″ bgcolor=”black”>
</p>
<tbody>
</p>
<tr bgcolor=”white”>
</p>
<td>Name</td>
<p><br /></p>
<td>Username</td>
<p><br /></p>
<td>Last Login</td>
<p>
</tr>
<p><br /></p>
<tr>
</p>
<td>$($inactiveUsers[$i].Name)</td>
<p><br /></p>
<td>$($inactiveUsers[$i].SamAccountName)</td>
<p><br /></p>
<td>$($inactiveUsers[$i].LastLogonTimestamp)</td>
<p><br /></p>
<td>$($inactiveUsers[$i].Name)</td>
<p><br /></p>
<td>$($inactiveUsers[$i].SamAccountName)</td>
<p><br /></p>
<td>$($inactiveUsers[$i].LastLogonTimestamp)</td>
<p>
</tr>
<p>
</tbody>
<p>
</table>
<p>
</center>”
Send-MailMessage -To $toAddr -From $fromAddr -Subject “Info: $($inactiveUsers.Count) FPHS User Accounts Disabled on $date” -Body “$body” -SmtpServer $smtpsrv -BodyAsHtml
}
######
exit
</code>
</pre>
<p>