Inactive User Script

Posted by

Keep Active Directory clean and tidy using this PowerShell script to find, move and disable inactive computer accounts.

 

The script uses Quest PowerShell commands which you can download freely from their website – http://www.quest.com/powershell/activeroles-server.aspx

 

The script has three run options that can be configured.

1. Report Only – find all inactive users and generate a CSV file report showing their details

2. Report and Move – find all inactive users, generates a CSV report file and moves the accounts to a specific OU

3. Report, Move and Disable – find all inactive users, generates a CSV report file, moves the accounts to a specific OU and disables them whilst updating their description

Simply edit the script variables at the top of script to change the way the script runs. You can specify the source OU used to search for inactive accounts, the destination OU to move inactive accounts to, and the description to set in the accounts. You can also specify a search string for the description field. For example I prefix the description field in an AD User account that i never want to be disabled with the prefix DND (Do not disable) – the script will ignore any accounts it finds with a description starting DND. You can also customise how long accounts must have been active for and the location of the report.

I’ve uploaded the script to the TechNet gallery

http://gallery.technet.microsoft.com/Inactive-Users-Script-76eb43f4