Hi Folks,
Good Day.

Can anyone help me to update below powershel script?
below script find in my domain all the AD users accounts that have not been logged into for more than 90 days and export the report to .csv file. in addition what I want:

1. OU=Others, Sales --> exclude this OUs
2. Disable all the user based on 90 days export report .csv file 

import-module activedirectory 
$domain = "test.com" 
$DaysInactive = 90 
$time = (Get-Date).Adddays(-($DaysInactive))
$timer = (Get-Date -Format yyyy-mm-dd)

# Get all AD User with lastLogonTimestamp less than our time and set to enable
Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp |

# Output Name and lastLogonTimestamp into CSV
select-object givenname,Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('dd-MM-yyyy_hh:mm:ss')}} | Export-Csv c:\temp\90DaysInactive-$(Get-Date -format dd-MM-yyyy).csv NoTypeInformation

Many thanks for advance Help:

What have you tried so far?

Hi,

Take a look at Search-ADAccount:

http://ss64.com/ps/search-adaccount.html

Hi Billvel,

To exclude specific ou, please try to filter ou path through DistinguishedName:

Get-ADUser -Filter  {LastLogonTimeStamp -lt $time -and enabled -eq $true} | where { $_.distinguishedname -notlike '*OU=Others, DC=..,DC=com" }

And to disable the inactive users, please refer to the cmdlet Disable-ADAccount.

If there is anything else regarding this issue, please feel free to post back.

Best Regards,

Anna Wang

Hi Anna,
Good Day.
Many thanks for your responce.

with your help i can manage to exclude the OUs as wellas can get the .csv report via mail.
Now i want to disable all the user based on 90 days export report .csv file.
could you help me on this please? the report will come everyday like below:
filename=90DaysInactive-dd-mm-yyyy.csv

sample output:
Given name User Name Last LogOn
Test User1 user1 03-10-2006_05:30:59
Test User2 user2 02-10-2006_12:00:34
-----------------------------------------------------------------------
import-module activedirectory 
$domain = "test.com" 
$DaysInactive = 1 
$time = (Get-Date).Adddays(-($DaysInactive))
$timer = (Get-Date -Format yyyy-mm-dd)
$FileName="c:\temp\90DaysInactive-$(Get-Date -format dd-MM-yyyy).csv"
$from = "from@mailbox.com"
$to = "to@mailbox.com"
$smtpHost = "smtpservername"
$Subject = "90 Days Inactive Accounts"
$body = "90 Days Inactive Accounts report"

# Get all AD User with lastLogonTimestamp less than our time and set to enable
Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp | where {($_.distinguishedname -notlike "*OU=HR*") -and ($_.distinguishedname -notlike "*OU=OT*")} | 

# Output Name and lastLogonTimestamp into CSV
select-object givenname,Name,@{Name="Last Logon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('dd-MM-yyyy_hh:mm:ss')}} | Export-Csv c:\temp\90DaysInactive-$(Get-Date -format dd-MM-yyyy).csv -NoTypeInformation
Send-MailMessage -From $from -To $to -Subject $subject -cc $cc -SmtpServer $smtpHost -Attachments $FileName -Body $body -BodyAsHtml

Thanks for your advance help.

Hi Bill,

To disable AD User from csv file, please refer to the script below, please test this script before applying in product enviroment:

Import-Csv path.csv | foreach{
Get-ADUser -Filter "name -eq $_.name"|Disable-ADAccount
}

If there is anything else regarding this issue, please feel free to post back.

Best Regards,

Anna Wang