Active Directory Dormant User Report – PowerShell

While working on a recent large multi-site Active Directory environment, we were asked to come up with a PowerShell script to help the AD team identify dormant user accounts in their AD domain.

Firstly, we had to establish what a dormant user was, and it was agreed that this would be a user account that has not logged in for 60 days. Then we needed to find out if there were any exceptions to this policy, such as maternity or sick leave (we didn't want to report on these accounts). Finally, we wanted to exclude any service accounts or resource accounts, so we had to get the DNs of these as well.

So here we go;

The script above will also show you the OU that each AD account sits in, so you can easily locate the dormant users.
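
One way to build the report described in this post, as an added example that is not the author's script. It assumes the ActiveDirectory (RSAT) module is installed and that only enabled accounts are of interest; the OU DNs, exception account names and output file name are placeholders.

```powershell
# Added example (not the original script). Placeholder values are marked below.
Import-Module ActiveDirectory

$DormantDays = 60                               # threshold agreed in the post
$Cutoff      = (Get-Date).AddDays(-$DormantDays)

# Placeholder DNs of the OUs that hold service and resource accounts.
$ExcludedOUs = @(
    'OU=Service Accounts,DC=example,DC=com',
    'OU=Resource Accounts,DC=example,DC=com'
)

# Placeholder sAMAccountNames of users on agreed leave (maternity, sick).
$ExceptionUsers = @('jdoe', 'asmith')

# Assumption: only enabled accounts are reported.
$report = Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, whenCreated |
    Where-Object {
        # Drop anything that sits under an excluded OU (suffix match on the DN).
        $dn = $_.DistinguishedName
        -not ($ExcludedOUs | Where-Object {
            $dn.EndsWith(",$_", [StringComparison]::OrdinalIgnoreCase)
        })
    } |
    Where-Object { $ExceptionUsers -notcontains $_.SamAccountName } |
    Where-Object {
        # LastLogonDate comes from lastLogonTimestamp, which is replicated between
        # DCs but can lag the true last logon by up to about 14 days. That lag is
        # well inside a 60-day threshold.
        if ($_.LastLogonDate) { $_.LastLogonDate -lt $Cutoff }
        else                  { $_.whenCreated   -lt $Cutoff }  # never logged on: use account age
    } |
    Select-Object Name, SamAccountName, LastLogonDate,
        @{ Name = 'OU'; Expression = {
            # Parent OU = DN minus its first RDN; the lookbehind skips escaped commas in the CN.
            ($_.DistinguishedName -split '(?<!\\),', 2)[1]
        } } |
    Sort-Object OU, Name

$report | Export-Csv -Path .\DormantUsers.csv -NoTypeInformation
$report | Format-Table -AutoSize
```

Accounts that have never logged on have no `LastLogonDate`, so the example reports them only once the account itself is older than the threshold.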

 
