DSQUERY // ADComputer
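# Stamp the description of inactive computer and user accounts so stale objects are easy to spot.
# dsquery -inactive takes a number of WEEKS: 13 is about 3 months, 104 is 2 years,
# and 250 is about 4.8 years (260 would be a full 5 years).
# -limit 0 returns every match; without it dsquery stops after the first 100 objects,
# so a larger directory would only be partially stamped.
# dsmod -desc REPLACES whatever description the object already had. Run the dsquery half
# on its own first and review the list before piping it into dsmod.
# The longer thresholds run last so their label overwrites the shorter-threshold label.
Dsquery computer -inactive 13 -limit 0 | dsmod computer -desc inactive
Dsquery user -inactive 13 -limit 0 | dsmod user -desc inactive
Dsquery computer -inactive 104 -limit 0 | dsmod computer -desc 2years
Dsquery user -inactive 104 -limit 0 | dsmod user -desc 2years
Dsquery computer -inactive 250 -limit 0 | dsmod computer -desc 5years
Dsquery user -inactive 250 -limit 0 | dsmod user -desc 5years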
***************************************************
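# Finds enabled computer accounts whose OperatingSystem does not match "*windows*server*"
# (i.e. desktop OSes) and whose lastLogonTimestamp is more than a year old, then exports
# them to CSV for review before anything is disabled.
# lastLogonTimestamp is replicated lazily, so it can trail the real last logon by up to
# roughly two weeks; that is harmless at a 365-day threshold but matters for short ones.
# NOTE(review): accounts that have never logged on have no lastLogonTimestamp and may not
# be returned by the -lt comparison - check for them separately.
# NOTE(review): objects with no OperatingSystem value also appear to satisfy -notlike, so
# non-Windows or pre-staged computer objects can show up in this list - confirm in the CSV.
$DaysInactive = 365
$time = (Get-Date).AddDays(-$DaysInactive)
# "Stamp" is lastLogonTimestamp converted from FILETIME to a readable local date.
# -NoTypeInformation keeps the "#TYPE ..." header line out of the CSV on Windows PowerShell.
Get-ADComputer -Filter {(LastLogonTimeStamp -lt $time) -and (OperatingSystem -notlike "*windows*server*") -and (Enabled -eq "True")} -Properties LastLogonTimeStamp |
    Select-Object Name, Enabled, @{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} |
    Export-Csv C:\Accent\InactiveComputers.csv -NoTypeInformation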
-----------------------------------------------------------------------------------
#After confirming the export above, this re-runs the same filter and disables every account it returns.
# NOTE(review): the query is evaluated again when this runs, so the set that gets disabled
# can differ from the CSV that was reviewed if time has passed or accounts have changed.
# Disable-ADAccount supports -WhatIf; appending it on a first pass lists what would be
# disabled without changing anything.
# NOTE(review): objects with no OperatingSystem value also appear to satisfy -notlike, so
# non-Windows or pre-staged computer objects may be disabled too - confirm against the export.
$DaysInactive = 365
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {(LastLogonTimeStamp -lt $time) -and (OperatingSystem -notlike "*windows*server*") -and (Enabled -eq "True")} -Properties LastLogonTimeStamp | Disable-ADAccount
===================================================
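# Finds enabled computer accounts whose OperatingSystem matches "*windows*server*" and whose
# lastLogonTimestamp is more than a year old, then exports them to CSV for review.
# This writes to the same C:\Accent\InactiveComputers.csv as the desktop export and will
# overwrite it; copy or rename the desktop results first if both lists are needed.
# NOTE(review): accounts that have never logged on have no lastLogonTimestamp and may not
# be returned by the -lt comparison - check for them separately.
$DaysInactive = 365
$time = (Get-Date).AddDays(-$DaysInactive)
# "Stamp" is lastLogonTimestamp converted from FILETIME to a readable local date.
# -NoTypeInformation keeps the "#TYPE ..." header line out of the CSV on Windows PowerShell.
Get-ADComputer -Filter {(LastLogonTimeStamp -lt $time) -and (OperatingSystem -like "*windows*server*") -and (Enabled -eq "True")} -Properties LastLogonTimeStamp |
    Select-Object Name, Enabled, @{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} |
    Export-Csv C:\Accent\InactiveComputers.csv -NoTypeInformation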
-----------------------------------------------------------------------------------
#After confirming the server export above, this re-runs the same filter and disables every account it returns.
# NOTE(review): the query is evaluated again when this runs, so the set that gets disabled
# can differ from the CSV that was reviewed if time has passed or accounts have changed.
# Disable-ADAccount supports -WhatIf; appending it on a first pass lists what would be
# disabled without changing anything.
# These are server accounts: a machine that is still in service but rarely authenticates
# loses domain authentication once its account is disabled, so verify each name first.
$DaysInactive = 365
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {(LastLogonTimeStamp -lt $time) -and (OperatingSystem -like "*windows*server*") -and (Enabled -eq "True")} -Properties LastLogonTimeStamp | Disable-ADAccount
***************************************************
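# Or just export everything: every computer and every user object with all of its attributes.
# The resulting files are a complete directory inventory (descriptions, group memberships,
# logon data), so keep them in a folder only administrators can read and delete them when done.
# -Properties * is slow on large directories; multi-valued attributes are written to the CSV
# as a collection type name rather than their values.
# -NoTypeInformation keeps the "#TYPE ..." header line out of the CSV on Windows PowerShell.
Get-ADComputer -Filter * -Properties * | Select-Object * | Export-Csv C:\Accent\Computers.csv -NoTypeInformation
Get-ADUser -Filter * -Properties * | Select-Object * | Export-Csv C:\Accent\Users.csv -NoTypeInformation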
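# Exports every computer account whose lastLogonTimestamp is more than 90 days old.
# Unlike the one-year queries there is no Enabled or OperatingSystem condition, so the list
# includes servers and accounts that are already disabled (see the "enabled" column).
# This overwrites C:\Accent\InactiveComputers.csv if an earlier export is still there.
# NOTE(review): accounts that have never logged on have no lastLogonTimestamp and may not
# be returned by the -lt comparison - check for them separately.
$DaysInactive = 90
$time = (Get-Date).AddDays(-$DaysInactive)
# "Stamp" is lastLogonTimestamp converted from FILETIME to a readable local date.
# -NoTypeInformation keeps the "#TYPE ..." header line out of the CSV on Windows PowerShell.
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp |
    Select-Object Name, Enabled, @{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} |
    Export-Csv C:\Accent\InactiveComputers.csv -NoTypeInformation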
***********************
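# dsquery examples. -inactive takes a number of weeks. -limit 0 returns every match;
# without it dsquery stops after the first 100 objects, so "all" would silently mean "first 100".
# Run the listing commands first and review the output before using any of the dsmod lines.
Dsquery computer -inactive 8 -limit 0
# lists all computers inactive for 8 weeks
Dsquery user -inactive 8 -limit 0
# lists all users inactive for 8 weeks
Dsquery computer -inactive 8 -limit 0 | dsmod computer -desc inactive
# changes the description of all computers that have been inactive for 8 weeks to "inactive"
# (this replaces any description the object already had)
Dsquery computer -inactive 8 -limit 0 | dsmod computer -disabled yes
# disables all computers inactive for more than 8 weeks
Dsquery computer -inactive 8 -limit 0 | dsmod computer -desc "inactive 20180905"
# the quote marks allow a description of more than a single word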
All Users
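# -limit 0 returns every user; without it dsquery stops after the first 100 objects.
Dsquery user -limit 0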
Identify Disabled Accounts
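# -limit 0 returns every disabled user; without it dsquery stops after the first 100 objects.
Dsquery user -disabled -limit 0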
Update disabled accounts with a dated "inactive" description
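# Selects disabled user accounts and sets their description to a dated marker.
# dsmod -desc replaces any existing description. -limit 0 makes dsquery return every
# match instead of stopping after the first 100 objects.
Dsquery user -disabled -limit 0 | dsmod user -desc "inactive 20190501"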
Identify Stale Passwords
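# -stalepwd takes a number of DAYS: lists users whose password has not changed in 60 days.
# -limit 0 returns every match; without it dsquery stops after the first 100 objects.
Dsquery user -stalepwd 60 -limit 0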
Find user counts for an OU: enabled users first, then all users (enabled and disabled)
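# Counts the enabled users under the OU, then every user under it; the difference between
# the two numbers is the number of disabled users.
# Wrapping each query in @() forces an array, so .Count is reliable even when the query
# returns exactly one object or none.
@(Get-ADUser -Filter {Enabled -eq $true} -SearchBase "OU=RHSC,DC=RHSC,DC=local").Count
@(Get-ADUser -Filter * -SearchBase "OU=RHSC,DC=RHSC,DC=local").Count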