Get-DisabledAccounts.ps1
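function Get-DisabledAccounts{
<#
.SYNOPSIS
Get-DisabledAccounts is a PowerShell function to assist in finding disabled user accounts.
.DESCRIPTION
Get-DisabledAccounts finds disabled user accounts and reports, for each one, when its
userAccountControl attribute last changed according to replication metadata.
It has one required parameter: -DC
And two optional parameters, TimeSpan and Credential. Find the details of the parameters below.

Caveats for anyone using the output in an audit or investigation:
- LastOriginatingChangeTime is the time of the most recent change to userAccountControl.
  Any flag change updates it, so it is only an upper bound on when the account was disabled.
- Accounts are matched on the ACCOUNTDISABLE bit (0x2), so disabled accounts that also carry
  other flags (for example "password never expires") are included.
.PARAMETER DC
Specifies the domain controller to use. Every directory query in this function is sent to it.
.PARAMETER TimeSpan
Specifies the maximum number of days back in time to search. The sign is ignored.
When omitted, no time restriction is applied.
.PARAMETER Credential
Specifies the credential to run the directory queries as a different user.
When omitted, the queries run as the current user.
.EXAMPLE
PS C:\> Get-DisabledAccounts DOMAINCONTROLLER 30
.EXAMPLE
PS C:\> Get-DisabledAccounts -DC DOMAINCONTROLLER -TimeSpan 30 -Credential (Get-Credential)
#>
    [CmdletBinding()]
    param(
        [Parameter(Position = 0,Mandatory=$true)][string]$DC,
        # Position 1 makes the documented positional example bind; without it, declaring a
        # Position on DC alone leaves TimeSpan named-only.
        [Parameter(Position = 1,Mandatory=$false)][int16]$TimeSpan,
        [ValidateNotNull()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty
    )

    # Send every AD call to the same DC under the same identity. Previously only the
    # metadata lookup used -Server, and -Credential was accepted but never passed on.
    $adParams = @{ Server = $DC }
    if ($Credential -ne [System.Management.Automation.PSCredential]::Empty) {
        $adParams['Credential'] = $Credential
    }

    # Only filter on time when the caller asked for it. An omitted TimeSpan used to become
    # a cutoff of "now", which silently returned nothing.
    $cutoff = $null
    if ($PSBoundParameters.ContainsKey('TimeSpan')) {
        $daysBack = [math]::Abs([int]$TimeSpan)
        $cutoff = (Get-Date).AddDays(0 - $daysBack)
    }

    # Bitwise-AND match on ACCOUNTDISABLE (0x2). An exact match on 514 misses disabled
    # accounts that have any additional userAccountControl flag set.
    $disabledFilter = '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))'
    $DisabledUsers = @(Get-ADObject -LDAPFilter $disabledFilter @adParams)

    # Progress is based on the list actually being iterated, not on a separate query.
    $count = $DisabledUsers.Count
    $x = 0

    # Collect loop output directly instead of growing an array with += on each pass.
    $Results = @(
        foreach($DisabledUser in $DisabledUsers){
            $i = [int]($x++/$count*100)
            Write-Progress -Activity "Search in Progress" -Status "$i% Complete:" -PercentComplete $i

            Get-ADReplicationAttributeMetadata -Object $DisabledUser @adParams |
                Where-Object {$_.AttributeName -eq 'UserAccountControl'} |
                Select-Object Object,LastOriginatingChangeTime |
                Where-Object {$null -eq $cutoff -or $_.LastOriginatingChangeTime -gt $cutoff}
        }
    )

    Write-Progress -Activity "Search in Progress" -Completed
    return $Results
}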