Get inactive / old User (which are still enabled) in your domain as a simple CSV output. Credits to
http://blog.mattvogt.net/2011/10/06/powershell-last-logon-timestamp-for-single-ho
Run on AD server (2008 or newer)
Update the domain and if required the DaysInactive
This is a simple example and the Filter and output can be modified to get more details .
# Gets time stamps for all User in the domain that have NOT logged in since after specified date
# Mod by Tilo 2013-08-27
import-module activedirectory
$domain = "domain.mydom.com"
$DaysInactive = 90
$time = (Get-Date).Adddays(-($DaysInactive))
# Get all AD User with lastLogonTimestamp less than our time and set to enable
Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp |
# Output Name and lastLogonTimestamp into CSV
select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv OLD_User.csv -notypeinformation
# Gets time stamps for all User in the domain that have NOT logged in since after specified date # Mod by Tilo 2013-08-27 import-module activedirectory $domain = "domain.mydom.com" $DaysInactive = 90 $time = (Get-Date).Adddays(-($DaysInactive)) # Get all AD User with lastLogonTimestamp less than our time and set to enable Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp | # Output Name and lastLogonTimestamp into CSV select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv OLD_User.csv -notypeinformation