I generate this report once a month, just to make sure we keep AD cleaned up. With people coming and going, and with every case treated differently, it's sometimes hard to remember when to delete what. This is just a monthly report to make sure we aren't leaving anything out there.
#---------------BEGIN SCRIPT---------------------
#Import the Active Directory module. Unless you're running this on a domain controller, you'll need RSAT installed.
import-module activedirectory
#Find disabled AD accounts. Here, I've excluded some builtin accounts, and an OU.
#Return only the name
$output = (Search-ADAccount -AccountDisabled -UsersOnly | where {
($_.name -cnotlike "System*") -and `
($_.name -ne "Guest") -and `
($_.name -ne "krbtgt") -and `
($_.name -notlike "FederatedEmail*") -and `
($_.name -notlike "DiscoverySearchMailbox*") -and `
($_.DistinguishedName -notlike "*ObjectsToDelete*")
} | select Name)
#Build the body of the email by taking the output above and converting it to a string
$body = ($output | Out-String)
#Send me the email
Send-MailMessage -To itreporting@contoso.com -Subject "PS Report - Disabled Active Directory Users" -Body $body -From "helpdesk@contoso.com" -SmtpServer "mailserver.contoso.com"
#---------------END SCRIPT---------------------
I received an error when trying this.
ReplyDeleteon: ($_.DistinguishedName -notlike "*ObjectsToDelete*") -and `
Had to take off the ` after that line.
Right you are! I had more "-and"s and forgot to remove this. Thanks for pointing it out!
ReplyDelete