From 4ea06f359b120209953ca508a474303c64c0bad1 Mon Sep 17 00:00:00 2001
From: Frank Bischof
Date: Wed, 23 Nov 2022 11:14:42 +0100
Subject: [PATCH] Version 1.0
---
 README.md | 9 +++++++++
 lock_inactive_accounts.ps1 | 21 +++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 lock_inactive_accounts.ps1
diff --git a/README.md b/README.md
index 28673ac..c932b3b 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,11 @@
 # lock_inactive_users
 Lock and/or delete AD accounts which are inactive
+
+## Usage
+By default users who did not log in for 90 days, their account will be put inactive.
+After this, accounts which are inactive for 6 months will be deleted.
+
+This can be customized in the variables:
+$90Days = (get-date).adddays(-90)
+and
+$6Months = (get-date).AddMonths(-6)
\ No newline at end of file
diff --git a/lock_inactive_accounts.ps1 b/lock_inactive_accounts.ps1
new file mode 100644
index 0000000..6b17d8e
--- /dev/null
+++ b/lock_inactive_accounts.ps1
@@ -0,0 +1,21 @@
+## Author: Frank Bischof (info@meer-web.nl)
+## Version: 1.0
+
+## Disable account if not used for X days
+$90Days = (get-date).adddays(-90)
+$users = Get-ADUser -properties * -filter {((lastlogondate -notlike "*" -OR lastlogondate -le $90Days) -AND (enabled -eq $True))} | where CanonicalName -Like "*NamedAccounts*" | select-object SAMaccountname
+foreach ($user in $users)
+{
+ write-host Disabling account $user.SAMaccountname
+ Disable-ADAccount -Identity $user.SAMaccountname
+
+}
+
+## Delete account if disabled for X months.
+$6Months = (get-date).AddMonths(-6)
+$users = Get-ADUser -properties * -filter {((modifyTimeStamp -le $6Months) -AND (enabled -eq $False))} | where CanonicalName -Like "*NamedAccounts*" | select-object SAMaccountname
+foreach ($user in $users)
+{
+ write-host Deleting account $user.SAMaccountname
+ Remove-ADUser -Identity $user.SAMaccountname
+}
\ No newline at end of file
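Review bot: The delete pass in lock_inactive_accounts.ps1 keys on `modifyTimeStamp -le $6Months` together with `enabled -eq $False`, which measures the last write to the object rather than when it was disabled, so an account under NamedAccounts that was disabled long ago for another reason (a leaver hold, an investigation) is removed on the first run, with nothing recorded beyond the `write-host` line. The disable pass has a related gap: `lastlogondate -notlike "*"` also matches accounts that have never logged on, including ones created yesterday, so the filter should add an age check such as `-AND (whenCreated -le $90Days)`. LastLogonDate is derived from the replicated lastLogonTimestamp, which can lag real logons by up to about two weeks, so the 90-day cutoff is approximate and that deserves a comment next to `$90Days`. I would record the disable date on the object when disabling it and select on that value for deletion, and run both passes with `-WhatIf` before scheduling the script.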