Find user accounts question

TIA.

I'm trying to:

Find all 'user' accounts in AD which are enabled, then find those accounts which have not logged in for 60 days, then sort those accounts by lastlogondate, then provide a list of user names and lastlogondate, and (last in my thoughts but very important) the count of the results.

I've only gotten as far as:      Get-ADUser -Filter {(ObjectClass -eq "user") -and (enabled -eq $true)}

I've tried to pipe it to Search-ADAccount -AccountInactive -Timespan 60.00:00:00 and have gotten a whole lotta red.

Any advice, links to read, etc... would be welcome.

Thanks again,

Davis

April 27th, 2015 5:16pm

Here's one way:

Free Windows Admin Tool Kit Click here and download it now
April 27th, 2015 5:32pm

Thanks Mike.  I get this response:

Unexpected token 'lastLogonTimestamp' in expression or statement.
At line:1 char:261
+ search-adaccount -accountinactive -timespan 60 -usersonly | where-object { $_.Enabled } | foreach-object { $user = get-aduser $_ -properties lastLogonTimestamp new-object PSObject -p
roperty @{ "DistinguishedName"  = $user.DistinguishedName "lastLogonTimestamp" <<<<  = [DateTime]::FromFileTime($user.lastLogonTimestamp)}}
    + CategoryInfo          : ParserError: (lastLogonTimestamp:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

April 29th, 2015 2:26pm

I just copy and pasted the exact code that I posted, above, and it ran without any errors.

I suspect you have not copied and pasted the exact code.

Free Windows Admin Tool Kit Click here and download it now
April 29th, 2015 2:33pm

this also gets what you're looking for.  Putting the initial search in a variable will let you play around with the results without pulling them down again.  not a big deal for a lab or small environment, but it could take a while in a larger environment. 

$60days = (Get-Date).AddDays(-60)

$Allusers = Get-ADUser -Filter * -Properties Enabled,LastLogonTimeStamp 

$Allusers | where {$_.Enabled -eq $true} | Select-Object -Property SAMAccountName,@{n="LastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}} | where {$_.lastlogondate -le $60days} | sort -Property LastLogonDate -Descending

April 29th, 2015 2:58pm

Not recommended, because you are pulling all users and then filtering after the fact with where-object. Very inefficient.

Search-ADAccount is more efficient.

Free Windows Admin Tool Kit Click here and download it now
April 29th, 2015 3:05pm

Gentlemen,

Both of your solutions work and since I'm working with fewer than 20k accounts the efficiency issue is not a show-stopper.  I'm curious how to build the count in.

Thank you for your time and patience,

D

May 1st, 2015 2:03pm

What's your specific question regarding a count?

Free Windows Admin Tool Kit Click here and download it now
May 1st, 2015 2:47pm

you could throw in a tee-object -variable myresults

and then get the count of objects: ($myresults).count

so the search-adaccount way:

search-adaccount -accountinactive -timespan 60 -usersonly | where-object { $_.Enabled } | tee-object -variable myresults | foreach-object {
  $user = get-aduser $_ -properties lastLogonTimestamp
  new-object PSObject -property @{
    "DistinguishedName"  = $user.DistinguishedName
    "SamAccountName"     = $user.SamAccountName
    "lastLogonTimestamp" = [DateTime]::FromFileTime($user.lastLogonTimestamp)
  }
}
$count = ($myresults).count
write-warning "Found $count inactive accounts!"

May 1st, 2015 2:56pm
Many thanks.  I need the count of how many enabled accounts have not been logged into for X days.  I'll work with your suggestion.
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2015 3:14pm

If you just need the count, simply pipe to measure-object:

May 1st, 2015 3:40pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics