Find user accounts that have had no activity in over x amount of days with PowerShell

Hello,

I am attempting to utilize PowerShell with ARS to perform some activity cleanup. Basically what we are looking to do is identify all of the user accounts in our domain(s) that have not been logged into in say, 30 days or more. The exact time is going to be variable depending on the domain.

While I can get a list of all of the users in the various OUs, how could I construct a script that can just return those particular objects that meet the aforementioned activity criteria and export that to a CSV file?

  • Hi  

    If you need to do this externally to ARS, in a PowerShell script, you could just do something like the below:

    $InActivePeriod = 1 #days
    
    get-QADUser -InactiveFor $InActivePeriod -Proxy

    However, there are other parameters available, like "NotLoggedOnFor", "InActive" and "ExpiredFor".

    If you run the command below, the examples provided should help you get what you need. It will also list the parameters available for the get-qaduser method and give a description of what it's for:

    get-help get-qaduser -Full

    If, however, you can perform the cleanup work inside ARS, you could use a Scheduled (Automation) Workflow. As an example, the "Clean up inactive computer accounts" and "Clean up inactive user accounts" workflows might be a good starting point to create your own. They are located here: Configuration/Policies/Workflow/Builtin

    "Clean up inactive user accounts" workflow for example does the following:

    Using a "Search" workflow activity step named "Find inactive users" in the above screenshot, it searches for "Inactive Accounts" within Active Directory (so all managed domains; if you create your own, you could have different workflows for each managed domain as appropriate, and set the inactive period as required). In this example, it's looking for accounts that have not been logged into for 120 days.

    The criteria available when you create your own workflow for a Search Activity are as below, but you could also add your own search options that you want to match.

    Then for each user account found matching the search criteria, it will then

    1) With an "If-Else" activity step, it checks to see if the inactive user account is currently not deprovisioned (That's the branch listed as "Not deprovisioned")

    a) It then adds information about that account to a report using the "Add Report Section" activity step

    b) Then (if the step wasn't disabled) it would use the "Deprovision" activity step (name "Deprovision inactive accounts")

    2) With an "If-Else" activity step, it checks to see if the inactive user account is currently deprovisioned (That's the branch listed as "Already deprovisioned")

    a) It then adds information about that already deprovisioned account to a report using the "Add Report Section" activity step

    It will then loop through all the remaining found inactive user accounts. Once all are complete, it then uses a "Notification" activity step to send the report by email to the initiator of the workflow.

    Hope this helps
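
A per-domain version of the `get-QADUser` approach from the reply above, with the CSV export the question asks for. This is an added example, not part of the original posts. The domain DNs, thresholds, output path and the snap-in name `Quest.ActiveRoles.ADManagement` are assumptions to adjust for your environment.

```powershell
# Added example; domain DNs, thresholds and the output path are constructed placeholders.
# Assumption: the Quest snap-in name below; newer ARS releases ship the cmdlets differently.
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

# Inactivity threshold in days for each managed domain (assumed values).
$thresholds = @{
    'DC=corp,DC=example,DC=com' = 30
    'DC=lab,DC=example,DC=com'  = 90
}

$report = foreach ($domain in $thresholds.Keys) {
    $days = $thresholds[$domain]

    # -Proxy sends the query through the ARS Administration Service, as in the reply above.
    # -SizeLimit 0 lifts the default cap on the number of returned objects.
    Get-QADUser -SearchRoot $domain -NotLoggedOnFor $days -Proxy -SizeLimit 0 |
        Select-Object @{ Name = 'Domain';        Expression = { $domain } },
                      @{ Name = 'ThresholdDays'; Expression = { $days } },
                      Name, SamAccountName, DN, AccountIsDisabled, LastLogonTimestamp,
                      # Flag accounts with no recorded logon so they can be reviewed separately.
                      @{ Name = 'NoLogonRecorded'; Expression = { -not $_.LastLogonTimestamp } }
}

# Write one CSV for review before any disable or deprovision step is taken.
$report |
    Sort-Object Domain, LastLogonTimestamp |
    Export-Csv -Path '.\inactive-users.csv' -NoTypeInformation -Encoding UTF8
```

The `LastLogonTimestamp` column reflects the AD attribute `lastLogonTimestamp`, which by default can lag the real last logon by up to 14 days, so treat accounts close to the threshold as candidates for review rather than confirmed inactive.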