Powershell Listing inactive accounts

Question

I am trying to list all accounts that have not been logged into outside of 6 months.

This is my first time really using powershell and I am simply editing other people's scripts at this point to fit my own needs.

I want to separate the search into two lists : computers only and users only.

Code for computers outside six months.

Search-ADAccount -accountinactive -computersonly | where {$_.lastlogondate -lt (get-date).addmonths(-6)} | FT Name,LastLogonDate

Code for users outside six months.

Search-ADAccount -accountinactive -usersonly | where {$_.lastlogondate -lt (get-date).addmonths(-6)} | FT Name,LastLogonDate

However, these are not working and are just spitting out all accounts. I have also noticed changing the -6 to any number really has no effect. Suggestions?

Answer 1

Your test is OK (it's working in my AD) the only thing is that you have to eliminate the objects where $_.lastlogondate is null.

try :

Search-ADAccount -accountinactive -usersonly  | where {! ($_.lastlogondate -lt (get-date).addMonths(-6))} | ft Name,lastlogondate

Edited :

Because the lastLogon attribute is not replicated in Active Directory, a different value can be stored in the copy of Active Directory on each Domain Controller. One solution is to loop over all domains controlers to build a list such users. But I'am quite sure there is an other solution !

Answer 2

Have a look here for Tracking the inactive users by categories(logon status,disabled users,password expired users,acc expired users,neverloggedon users,deleted users,etc)

http://www.adsysnet.com/asn-active-directory-inactive-account-tracker-features.aspx

Answer 3

I believe you need to pass a date or a timespan along with the -AccountInactive switch. Doing should make your custom filter unnecessary, so try something like this (untested):

Search-ADAccount -accountinactive -datetime (get-date).AddMonths(-6) -computersonly | ft Name,LastLogonDate
Search-ADAccount -accountinactive -datetime (get-date).AddMonths(-6) -userssonly | ft Name,LastLogonDate

Answer 4

$sixMonths = (Get-Date).AddMonths(-6)
Search-ADAccount -accountinactive -usersonly -datetime "$sixMonths"