As they would say on “Wayne’s World” —- “SCHWING!!!”
There’s a feature I just stumbled on. It’s simple. It’s easy.
And you DON’T need to master Powershell on any level to just USE it!
It’s called SEARCH-ADACCOUNT.
SEARCH-ADACCOUNT is a Commandlet for just what it sounds like. Searching Active Directory. But where it wins for new Administrators is it already has PREBUILT EASY to USE parameters!
Want to find out who’s locked out in Active Directory? SEARCH-ADACCOUNT –LockedOut
Need to know which accounts are Disabled? SEARCH-ADACCOUNT –AccountDisabled
How about users who’s passwords NEVER expire? SEARCH-ADACCOUNT –PasswordNeverExpires
There’s so much more to this Commandlet like THIS sweet little line. We COULD write up a script for this but would you like a COMMAND LINE that shows all “Idle accounts”. (User or Computer) that basically have been wasting space?
VOILA! IT’S in POWERSHELL in Server 2008 R2!
SEARCH-ADACCOUNT –AccountInactive –TimeSpan 90:00:00:00
There! ALL accounts (computer and user) not used in 90 days! And YES you can pipe THAT into a DISABLE-ADACCOUNT as well to keep the system secure and under control!
This is just the ICING on the CAKE! For just THIS REASON ALONE you should consider Server 2008 R2 and Powershell! As an Administrator, this is something that is part of your daily job. Query old accounts, find who’s wasting space, determine what needs to be pruned. And now that is a simple program you can use on your WORKSTATION. No stress, no effort.
Just time for the Pina Coladas!
the Energized Tech