Active Directory Inactive Users/Computers Reporting

Every once in a while it's a good idea to do a little cleaning of your AD (Active Directory). With several thousand computers and usernames, it's nearly impossible to manually sort through which accounts are active or inactive.

This script was created to save the legwork of manually sorting through AD accounts to verify activity. It scans your entire AD and reports which computers and users are inactive based on the criteria provided under the "General Settings" portion of the script.


Organization Name

The organization's name is purely for aesthetic reasons. When the report is created, the name of the organization is placed in the subject of the emailed report.

# Enter in the organization name between the quotation marks
$Organization_Name = "Organization Name"

 


Inactive Dates

The number of days entered determines how far back the script looks for inactive computers or users. If 365 is entered for the $Users_DaysInactive variable, the script reports users who have not logged on in 365 days. The $Computers_DaysInactive variable does the same for computers, based on the last time the computer was logged on to.

# Enter in the number of days a user needs to be inactive.
$Users_DaysInactive = 365

# Enter in the number of days a computer needs to be inactive.
$Computers_DaysInactive = 365

 


HTML Report

If an emailed report is needed, set each of these variables to 1. If an email is not needed, set the variable to 0.

# Email Inactive Users List | 0 = NO | 1 = YES
$Inactive_Users_HTML = 1

# Email Inactive Computers List | 0 = NO | 1 = YES
$Inactive_Computers_HTML = 1

 


CSV Report

If a CSV report is needed, set each of these variables to 1. If a CSV report is not needed, set the variable to 0.

# Export Inactive Users List to CSV | 0 = NO | 1 = YES
$Inactive_Users_CSV = 1

# Export Inactive Computers List to CSV | 0 = NO | 1 = YES
$Inactive_Computers_CSV = 1

 


CSV Save Directory

The $Export_Directory variable specifies the directory the CSV files are saved to.

# Directory to Save CSV Exports
$Export_Directory = "C:\Users\username\Desktop"

 


SMTP Settings

In the SMTP setting section, information about your SMTP server will be required for the email function. 

$SMTP_Username = "Username"
$SMTP_Password = ConvertTo-SecureString "Password" -AsPlainText -Force
$Creds = New-Object System.Management.Automation.PSCredential ($SMTP_Username, $SMTP_Password)
$From = ""
$To = ""
$SMTPServer = ""
$SMTPPort = ""
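
The settings above keep the SMTP password in plain text inside the script file, where anyone who can read the script can read the password. One way to avoid that, as an added example that is not part of the original script: build $Creds from a credential file protected by Windows DPAPI. The path in $CredFile and the function name Get-ReportCredential are assumptions made for this example.

```powershell
# Added example: load $Creds from a DPAPI-protected file instead of a
# plain-text password. $CredFile is a hypothetical path; pick a folder that
# only the account running the report can read.
$CredFile = "C:\Scripts\ADReport-smtp.cred.xml"

function Get-ReportCredential {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        # First run (interactive): prompt once and save the credential.
        # On Windows, Export-Clixml encrypts the password with DPAPI, so the
        # file can only be decrypted by the same user on the same computer.
        Get-Credential -Message "SMTP account for the AD report" |
            Export-Clixml -LiteralPath $Path
    }

    # Later runs: rebuild the PSCredential object from the protected file.
    Import-Clixml -LiteralPath $Path
}

# Replaces the $SMTP_Username / $SMTP_Password / New-Object lines.
$Creds = Get-ReportCredential -Path $CredFile
```

Create the file once while logged on as the account that will run the report (for example the scheduled task's account); a file created by a different user or on a different computer cannot be decrypted.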

 


CSS Code

Since the email is sent as HTML, it can be styled using CSS. All of the styling is under the section called "CSS Styling". If you would like to learn more about CSS and how you can use it to style HTML pages, check out https://www.w3schools.com/css/


Entire Script

This script is also available on Microsoft TechNet: http://bit.ly/2WvdPJ3



###################################################
# ITLUMBERJACK.COM
# UPDATED ON: 5/2/19
# LICENSE: https://www.itlumberjack.com/mit-license
####################################################

import-module activedirectory  

########################
### General Settings ###
########################

# Enter in the organization name between the quotation marks
$Organization_Name = "Organization Name"

# Enter in the number of days a user needs to be inactive. 
$Users_DaysInactive = 365

# Enter in the number of days a computer needs to be inactive.
$Computers_DaysInactive = 365

# Email Inactive Users List | 0 = NO | 1 = YES
$Inactive_Users_HTML = 1

# Email Inactive Computers List | 0 = NO | 1 = YES
$Inactive_Computers_HTML = 1

# Export Inactive Users List to CSV | 0 = NO | 1 = YES
$Inactive_Users_CSV = 1

# Export Inactive Computers List to CSV | 0 = NO | 1 = YES
$Inactive_Computers_CSV = 1

# Directory to Save CSV Exports
$Export_Directory = "C:\Users\username\Desktop"


#####################
### SMTP Settings ###
#####################

$SMTP_Username = "Username"
$SMTP_Password = ConvertTo-SecureString "Password" -AsPlainText -Force
$Creds = New-Object System.Management.Automation.PSCredential ($SMTP_Username, $SMTP_Password)
$From = ""
$To = ""
$SMTPServer = ""
$SMTPPort = ""

###################
### CSS Styling ###
################### 

$css = @"

"@

#############################
### Inactive Users Script ###
#############################

$time = (Get-Date).Adddays(-($Users_DaysInactive)) 

$Inactive_Users = Get-ADUser -Filter {LastLogonDate -lt $time} -Properties PasswordLastSet,Created,LastLogonDate | 

select-object @{Name="User Name"; Expression={$_.Name}}, @{Name="Password Last Changed Date"; Expression={$_.PasswordLastSet}}, @{Name="Account Created Date"; Expression={$_.Created}}, @{Name="Last Logon Date"; Expression={$_.LastLogonDate}}, @{Name="Account Enabled Status"; Expression={$_.Enabled}}

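# -NoTypeInformation keeps the "#TYPE ..." header line out of the CSV on Windows PowerShell
if ($Inactive_Users_CSV -eq 1) {$Inactive_Users | Export-Csv -Path "$Export_Directory\InactiveUser-$(get-date -f yyyy-MM-dd).csv" -NoTypeInformation}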

if ($Inactive_Users_HTML -eq 1) {
$Inactive_Users_HTML = $Inactive_Users | ConvertTo-Html -Head $css
$Subject = $Organization_Name +  " AD Report | Inactive Users | " + (Get-Date).ToString()
$Body = @"
$Inactive_Users_HTML
"@
Send-MailMessage -From $From -to $To -Subject $Subject -Body $Body -SmtpServer $SMTPServer -port $SMTPPort -UseSsl -Credential $Creds -DeliveryNotificationOption OnSuccess -BodyAsHtml
}

#################################
### Inactive Computers Script ###
#################################

$time = (Get-Date).Adddays(-($Computers_DaysInactive)) 

$Inactive_Computers = Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp | 

select-object @{Name="Computer Name"; Expression={$_.Name}},@{Name="Distinguished Name"; Expression={$_.DistinguishedName}},@{Name="Last Logon Date"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}},@{Name="Account Enabled Status"; Expression={$_.Enabled}}

if ($Inactive_Computers_HTML -eq 1) {
$Inactive_Computers_HTML = $Inactive_Computers | ConvertTo-Html -Head $css
$Subject = $Organization_Name + " AD Report | Inactive Computers | " + (Get-Date).ToString()
$Body = @"
$Inactive_Computers_HTML
"@
Send-MailMessage -From $From -to $To -Subject $Subject -Body $Body -SmtpServer $SMTPServer -port $SMTPPort -UseSsl -Credential $Creds -DeliveryNotificationOption OnSuccess -BodyAsHtml
}

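# -NoTypeInformation keeps the "#TYPE ..." header line out of the CSV on Windows PowerShell
if ($Inactive_Computers_CSV -eq 1) {$Inactive_Computers | Export-Csv -Path "$Export_Directory\InactiveComputer-$(get-date -f yyyy-MM-dd).csv" -NoTypeInformation}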
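
The Get-ADUser -Filter {LastLogonDate -lt $time} query in the script does not return accounts that have never logged on, because they have no last-logon value to compare against. The following added example (not part of the original script) also reports those accounts once they are older than the threshold; the $Stale_Users variable and the "Never Logged On" column are names introduced here.

```powershell
Import-Module ActiveDirectory

# Same setting as in the script's General Settings
$Users_DaysInactive = 365
$cutoff = (Get-Date).AddDays(-$Users_DaysInactive)

# lastLogonTimestamp is stored as a Windows file time
# (100-nanosecond intervals since 1601-01-01 UTC).
$cutoffFileTime = $cutoff.ToFileTimeUtc()

# Match users whose lastLogonTimestamp is older than the cutoff
# OR who have no lastLogonTimestamp at all (never logged on).
$ldapFilter = "(|(lastLogonTimestamp<=$cutoffFileTime)(!(lastLogonTimestamp=*)))"

# A never-used account is reported only if it was created before the cutoff,
# so freshly provisioned accounts are not flagged.
$Stale_Users = Get-ADUser -LDAPFilter $ldapFilter -Properties PasswordLastSet, Created, LastLogonDate |
    Where-Object { $_.LastLogonDate -or ($_.Created -lt $cutoff) } |
    Select-Object @{Name="User Name"; Expression={$_.Name}},
                  @{Name="Password Last Changed Date"; Expression={$_.PasswordLastSet}},
                  @{Name="Account Created Date"; Expression={$_.Created}},
                  @{Name="Last Logon Date"; Expression={$_.LastLogonDate}},
                  @{Name="Never Logged On"; Expression={-not $_.LastLogonDate}},
                  @{Name="Account Enabled Status"; Expression={$_.Enabled}}

# Never-used accounts that are still enabled sort to the top of the list.
$Stale_Users |
    Sort-Object -Property "Never Logged On", "Account Enabled Status" -Descending |
    Format-Table -AutoSize
```

lastLogonTimestamp is only refreshed when the stored value is older than the domain's ms-DS-Logon-Time-Sync-Interval (14 days by default, less a random offset), so thresholds of a few weeks or less are unreliable with either query.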