This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 78%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi all, I need your help as I'm not proficient with Powershell enough to create this kind of script on my own.
I would like to disable all users of a specific OU that haven't logged in for more than X days (let's say 5 for example).
There are no service accounts in it, so only regular users.
Also, there is no need for the script to write reason for disabling in the description field as I've seen in some examples.
So only, a script that imports active directory module, target's the specified OU, checks if the logon date is above that number of days and disables them.
The setup could be like this:
Domain: random.local
Targeted OU: random/random users and groups/random users
Thanks a lot in advance for any help on this!
Regards,
Marko
Hi @Marko Todorovic ,
maybe this helps to get started (Use on your own risk! Not tested by myself.):
$searchBase = "OU=random,DC=random,dc=local"
Search-ADAccount -SearchBase $searchBase -UsersOnly -AccountInactive -TimeSpan ([timespan]5d)
| Set-ADUser -Enabled $false
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
Hey, thanks a lot. It works. I've tested with 5 test users (where with 1 I logged in previously and other 4 I didn't) and after executing script, it disabled those 4 and didn't disable the 1 it detected login activity. Thanks a lot for your help!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 57.99999999999999%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hey Andreas,
I was reasearching about the -timespan and trying to get the timespan in Hours, Minutes and seconds if possible.
Do you have this?
Hello @Andreas Baumgarten
Thanks for this answer, but I have a Question, please
I want to disable the user account if the user didn't connect to the company network within 7 days
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
Hi,
You may try this.
$ou= "OU=random ,DC=random ,DC=local"
$date = ([datetime]::Now).AddDays(-5)
Get-ADUser -SearchBase $ou -Filter {lastlogon -lt $date} | Set-ADUser -Enabled $False
Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.