Friday, September 4, 2015

Windows - List Inactive AD User Accounts

Solution: - You can do this via dsquery from a DC.

1. Log into a DC.
2. Open a command prompt.
3. Run the command:
4. C:> dsquery user -inactive 60

This will give you a listing of all user accounts that have been inactive for 60+ days.
A cool script to use:

date /t
time /t
echo Stale AD Data Report
if not exist %windir%\ntds\ goto :NOT_DC
echo Computers, Inactive 60 Days
echo -------------------------------
dsquery computer -inactive 60
echo Users, Inactive 60 Days
echo -------------------------------
dsquery user -inactive 60
goto :EOF
echo This is not a DC, did not find:
echo %windir%\ntds\


No comments:

Post a Comment