Version 1.0

2022-11-23 11:14:42 +01:00 · 2022-11-23 11:14:42 +01:00 · 4ea06f359b
commit 4ea06f359b
parent 736928aa4c
2 changed files with 30 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,11 @@
 # lock_inactive_users
 Lock and/or delete AD accounts which are inactive
+
+## Usage
+By default users who did not log in for 90 days, their account will be put inactive.
+After this, accounts which are inactive for 6 months will be deleted.
+
+This can be customized in the variables:
+$90Days = (get-date).adddays(-90)
+and
+$6Months = (get-date).AddMonths(-6)
--- a/lock_inactive_accounts.ps1
+++ b/lock_inactive_accounts.ps1
@ -0,0 +1,21 @@
+## Author: Frank Bischof (info@meer-web.nl)
+## Version: 1.0
+
+## Disable account if not used for X days
+$90Days = (get-date).adddays(-90)
+$users = Get-ADUser -properties * -filter {((lastlogondate -notlike "*" -OR lastlogondate -le $90Days) -AND (enabled -eq $True))}  | where CanonicalName -Like "*NamedAccounts*" | select-object SAMaccountname
+foreach ($user in $users)
+{
+    write-host Disabling account $user.SAMaccountname
+    Disable-ADAccount -Identity $user.SAMaccountname
+
+}
+
+## Delete account if disabled for X months.
+$6Months = (get-date).AddMonths(-6)
+$users = Get-ADUser -properties * -filter {((modifyTimeStamp -le $6Months) -AND (enabled -eq $False))}  | where CanonicalName -Like "*NamedAccounts*" | select-object SAMaccountname
+foreach ($user in $users)
+{
+    write-host Deleting account $user.SAMaccountname
+    Remove-ADUser -Identity $user.SAMaccountname
+}