PowerShell script to find disabled users and when they were disabled

Hi there,

I am looking for a PowerShell script which can look up all disabled users in AD and when they were disabled, or how long ago they were disabled.
Can anybody help me with this?

Kind regards,

Jos Verhallen
  • AD does not store when an account was disabled. Depending on how the account was disabled, you may have another source you could query like Microsoft's Audit Collection Services (ACS). Failing that, the closest thing you could key off of would be the last modified date; however, that attribute cannot be considered 100% accurate as the last modified object would change if the object were moved, added or removed from groups, etc.

    Since this is all about automation, I would consider adding the disabled date to an available field in the AD object when you disable the object. Then, you could query that field at a later time. Of course, that won't help for accounts that are already disabled.

    Let me know if this gets you started in the right direction. If you need some code examples for any of the options above, feel free to ask and I'll post it.
  • justpaul is right about the when and how long ago they were disabled. However, just to find disabled users is quite simple: Get-QADUser -sizelimit 0 -disabled. There is also a -inactivefor switch that might be worth looking into to see if that helps.
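
The approach suggested in the first reply (stamp the date into a spare attribute at disable time, then query it later), as an added example that is not code from either poster. It assumes Microsoft's ActiveDirectory module rather than the Quest cmdlets, and that the `info` (Notes) attribute is free to use; the function names and the `DisabledOn=` prefix are hypothetical.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: the 'info' attribute (Notes field) is unused and can hold the stamp.
$StampAttribute = 'info'
$StampPrefix    = 'DisabledOn='   # hypothetical marker so the value is recognisable

function Disable-UserWithStamp {
    param([Parameter(Mandatory)][string]$Identity)
    # Store UTC in ISO 8601 so the value parses the same way on any machine.
    $stamp = $StampPrefix + (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
    Disable-ADAccount -Identity $Identity
    # -Replace overwrites whatever the attribute held before.
    Set-ADUser -Identity $Identity -Replace @{ $StampAttribute = $stamp }
}

function Get-DisabledUserReport {
    $now    = (Get-Date).ToUniversalTime()
    $styles = [System.Globalization.DateTimeStyles]::AdjustToUniversal
    Get-ADUser -Filter 'Enabled -eq $false' -Properties $StampAttribute, whenChanged |
        ForEach-Object {
            $raw = [string]$_.$StampAttribute
            if ($raw -like "$StampPrefix*") {
                $text   = $raw.Substring($StampPrefix.Length)
                $when   = [datetime]::Parse($text, [cultureinfo]::InvariantCulture, $styles)
                $source = 'stamp'
            } else {
                # Already-disabled accounts have no stamp. whenChanged moves on any
                # later edit (move, group change), so it is only the latest possible date.
                $when   = $_.whenChanged.ToUniversalTime()
                $source = 'whenChanged (approximate)'
            }
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                DisabledOnUtc  = $when
                DaysAgo        = [int][math]::Floor(($now - $when).TotalDays)
                Source         = $source
            }
        }
}

# Usage: Get-DisabledUserReport | Sort-Object DaysAgo -Descending | Format-Table
```

The Source column separates dates that can be trusted from those that are only an upper bound, which matters when the report drives cleanup of stale accounts.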