To Get the Services Accounts
Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName
To get the user account krbtgt Properties.
Get-ADUser krbtgt -Properties Name | FT Name, createTimeStamp, LastLogonDate, whenCreated, DistinguishedName
To Search the complete Organization Unit Finance for user details.
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
To get the user account Madhu Properties with formating Table option.
Get-ADUser Madhu -Properties Name | FT Name, LastLogonDate, DistinguishedName, Enabled -AutoSize | Out-String -Width 400
To get the list of User account who are reporting since last 90 Days through last logon date and importing the results a file ADUSR.txt
$d = [DateTime]::Today.AddDays(-90); Get-ADUser -Filter 'LastLogonDate -ge $d' -Properties LastLogonDate | FT Name,createTimeStamp, LastLogonDate, whenCreated, DistinguishedName | Format-Table -AutoSize | Out-String -Width 400 > C:\reports\ADUSR.txt
Below list is PowerShell commands.
Here is the command to get AD computer accounts which are reporting to AD less than 90 days based on last logon date.
$d = [DateTime]::Today.AddDays(-2000); Get-ADComputer -Filter 'LastLogonDate -ge $d' -Properties LastLogonDate | FT Name, Enabled, LastLogonDate
Here is the commands list the get AD computer accounts which are set their password less than 90 days
$d = [DateTime]::Today.AddDays(-90); Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | FT Name,PasswordLastSet
Execute the below command to retrieve the Last Logon time stamp for computer account by executing the below command
Get-ADComputer -Filter 'Enabled -eq "False"' -Properties LastLogonDate |FT Name,LastLogonDate
Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName
To get the user account krbtgt Properties.
Get-ADUser krbtgt -Properties Name | FT Name, createTimeStamp, LastLogonDate, whenCreated, DistinguishedName
To Search the complete Organization Unit Finance for user details.
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
To get the user account Madhu Properties with formating Table option.
Get-ADUser Madhu -Properties Name | FT Name, LastLogonDate, DistinguishedName, Enabled -AutoSize | Out-String -Width 400
To get the list of User account who are reporting since last 90 Days through last logon date and importing the results a file ADUSR.txt
$d = [DateTime]::Today.AddDays(-90); Get-ADUser -Filter 'LastLogonDate -ge $d' -Properties LastLogonDate | FT Name,createTimeStamp, LastLogonDate, whenCreated, DistinguishedName | Format-Table -AutoSize | Out-String -Width 400 > C:\reports\ADUSR.txt
Below list is PowerShell commands.
Here is the command to get AD computer accounts which are reporting to AD less than 90 days based on last logon date.
$d = [DateTime]::Today.AddDays(-2000); Get-ADComputer -Filter 'LastLogonDate -ge $d' -Properties LastLogonDate | FT Name, Enabled, LastLogonDate
Here is the commands list the get AD computer accounts which are set their password less than 90 days
$d = [DateTime]::Today.AddDays(-90); Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | FT Name,PasswordLastSet
Execute the below command to retrieve the Last Logon time stamp for computer account by executing the below command
Get-ADComputer -Filter 'Enabled -eq "False"' -Properties LastLogonDate |FT Name,LastLogonDate
This comment has been removed by the author.
ReplyDeleteExcellent, thanks for sharing the script, but I tried the automate tool from https://blog.netwrix.com/2018/02/15/the-ten-best-free-active-directory-management-tools/ that assist to get the active directory user accounts list which are based on last log on details of account and manage inactive user accounts and move them to another OU.
ReplyDelete