Skip to main content

Disable - Inactive AD Users - X Days

Summary

This script detects the inactive users over X days (configurable via the system property Inactive_AD_Users_Threshold_Days; default: 90 days) to disable them, and records the data into the Table - pvl_ad_inactive_users so that it can be represented in the Dataview - Inactive AD Users Audit.

This script excludes the default account Administrator|Guest|krbtgt|DefaultAccount|.*\$. Here, *\$ meant any user that has $ its name at the end.

For e.g. Computername$ UserName$

Sample Run

Run normally to disable inactive AD users over threshold
Sample Run 1

File Hash

PathAlgorithmHash
C:\ProgramData\_automation\script\Inactive_ADUsers\Inactive_ADUser.ps1MD5A800A3A4D67F6FCD40AC2A82BE22BAC6
C:\ProgramData\_automation\script\Inactive_ADUsers\Inactive_ADUser.ps1SHA2566CB55D8370C4F78826C2893CD30472EC180A19FE4DBF0886C3AD5C3190E98EC2

Dependencies

Solution- Inactive AD Users Disable/Enable

System Property

NameLevelRequiredDescription
Inactive_AD_Users_Threshold_Days90TrueThis is set to detect the inactive users those are not logged in from the provided days. Default is 90 days. Property
Inactive_AD_Users_Exclude_Disabledemo,test,testuserFalseThis will exclude the users from being included in the list to get disabled. The user's list should be provided in a comma-separated format. e.g., John,Kevin,demo. Property

Process

  1. If the property Inactive_AD_Users_Exclude_Disable is provided and the Client EDF Exclude AD Inactive UserList is set with the users, then script will exclude the users list from property Inactive_AD_Users_Exclude_Disable + Exclude AD Inactive UserList Client EDF list.

  2. If the property Inactive_AD_Users_Exclude_Disable is empty and the Client EDF Exclude AD Inactive UserList is set, then the Client EDF Exclude AD Inactive UserList list of users will be excluded.

  3. If property Inactive_AD_Users_Exclude_Disable has user lists and the EDFs at client level Exclude AD Inactive UserList is empty, then the script Inactive_AD_Users_Exclude_Disable will be accepted for the exclusion.

Output