Showing posts with label Active directory. Show all posts

Wednesday, 26 June 2024

HOW TO FIND INACTIVE USER ACCOUNT ON ACTIVE DIRECTORY USING POWERSHELL

Hi there,

If you are looking to tidy up your Active Directory by finding inactive accounts, I have a PowerShell script that can do just that. Save and run this script on your domain controller. This is just an audit tool and won't delete anything.

  1. Save the code with a ".PS1" extension.
  2. Open PowerShell as an admin and run the script.


    Clear-Host

    Write-Host -ForegroundColor Yellow " FIND INACTIVE USERS/STALE USERS"

    # Import the Active Directory module (RSAT tools or a domain controller)
    Import-Module ActiveDirectory

    # Prompt the user for the number of days and make sure it is treated as a number
    $daysInactive = [int](Read-Host "Enter the number of days for inactive accounts")

    # Calculate the cut-off date
    $timeSpan = (Get-Date).AddDays(-$daysInactive)

    # Search for enabled user accounts whose last logon is older than the cut-off
    # (LastLogonDate is derived from the replicated lastLogonTimestamp, so it can lag by up to 14 days)
    $inactiveAccounts = @(Get-ADUser -Filter {LastLogonDate -lt $timeSpan -and Enabled -eq $true} -Properties LastLogonDate, DistinguishedName |
        Select-Object Name, SamAccountName, LastLogonDate, DistinguishedName)

    # Check if any inactive accounts were found
    if ($inactiveAccounts.Count -eq 0) {
        Write-Host "No inactive accounts found."
    } else {
        # Display the inactive accounts in a grid view (report only; nothing is changed)
        $inactiveAccounts | Out-GridView -Title "Inactive User Accounts"
    }

Sunday, 20 October 2019

HOW TO FIND INACTIVE (STALE) COMPUTER AND USER IN AD USING POWERSHELL

Hi Ya,

I have compiled this easy PowerShell script that will help you find inactive computers and users.
It is very safe and easy to use, because the script only displays the inactive computers and users. It won't delete or disable anything in your Active Directory.

Save this script with a ".PS1" extension and run it on your DC server.

 # Import the Active Directory module
 Import-Module ActiveDirectory
 Write-Host -ForegroundColor Yellow "Input the number of inactive days : " -NoNewline
 $staleDays = [int](Read-Host)
 # Anything whose last logon is older than this date counts as stale
 $staleDate = (Get-Date).AddDays(-$staleDays)
 # Computers and users (enabled or disabled) with a last logon before the cut-off; report only, nothing is changed
 Get-ADComputer -Properties Name,LastLogonDate -Filter {LastLogonDate -lt $staleDate} | Select-Object -Property Name,LastLogonDate,DistinguishedName,Enabled | Sort-Object -Property Name | Out-GridView -Title 'List of stale computers'
 Get-ADUser -Properties Name,LastLogonDate -Filter {LastLogonDate -lt $staleDate} | Select-Object -Property Name,LastLogonDate,DistinguishedName,Enabled | Sort-Object -Property Name | Out-GridView -Title 'List of stale users'
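As an added example (not the blog's own script) for both this post and the 2024 inactive-user post above: a "LastLogonDate -lt $date" filter silently skips accounts that have never logged on (their LastLogonDate is empty), and LastLogonDate itself comes from lastLogonTimestamp, which only replicates once it is 9 to 14 days old. The function below reports users and computers, judges never-logged-on objects by their creation date, adds that replication slack to the threshold, and exports a CSV; the SearchBase DN is a placeholder.

```powershell
# Added example, not the blog's script: stale-account report that also catches objects
# with no recorded logon. Assumes the RSAT ActiveDirectory module and read rights on the domain.
Import-Module ActiveDirectory

# lastLogonTimestamp is only replicated when it is more than 9-14 days old,
# so the threshold is approximate; add that slack rather than over-report.
$ReplicationSlackDays = 14

function Get-StaleADAccount {
    param(
        [Parameter(Mandatory)][int]$InactiveDays,
        [ValidateSet('User','Computer')][string]$Type = 'User',
        [string]$SearchBase   # optional OU DN, e.g. "OU=Contoso,DC=corp,DC=example" (placeholder)
    )
    $cutoff = (Get-Date).AddDays(-($InactiveDays + $ReplicationSlackDays))
    $params = @{
        Filter     = 'Enabled -eq $true'
        Properties = 'LastLogonDate','whenCreated','DistinguishedName'
    }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    $objects = if ($Type -eq 'User') { Get-ADUser @params } else { Get-ADComputer @params }

    foreach ($o in $objects) {
        # Never-logged-on objects have no LastLogonDate; judge them by creation date instead.
        $lastSeen = if ($o.LastLogonDate) { $o.LastLogonDate } else { $o.whenCreated }
        if ($lastSeen -lt $cutoff) {
            [pscustomobject]@{
                Type              = $Type
                Name              = $o.Name
                SamAccountName    = $o.SamAccountName
                LastLogonDate     = $o.LastLogonDate
                NeverLoggedOn     = -not $o.LastLogonDate
                Created           = $o.whenCreated
                DistinguishedName = $o.DistinguishedName
            }
        }
    }
}

# Usage: report only, nothing is disabled or deleted.
$days   = [int](Read-Host 'Enter the number of inactive days')
$report = @(Get-StaleADAccount -InactiveDays $days -Type User) +
          @(Get-StaleADAccount -InactiveDays $days -Type Computer)
$report | Sort-Object Type, Name | Out-GridView -Title "Stale accounts (> $days days)"
$report | Export-Csv -Path ".\StaleAccounts-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

The NeverLoggedOn column separates unused provisioned accounts from accounts that went quiet, which usually need different follow-up.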

Friday, 29 June 2018

HOW TO ORGANIZE YOUR ORGANIZATIONAL STRUCTURE (OU) PROPERLY


Hi Ya,

I have seen many messy Active Directory structures where users and computers are mixed together. Creating and targeting policy in such a structure is messy. When you first build your AD, it will look like the picture on the right.

These are the default Microsoft AD OUs and containers. Each of them has a specific purpose:

OU / container - Contents
Builtin - The Builtin container holds default service administrator accounts and domain local security groups. These groups are pre-assigned the permissions needed to perform domain management tasks.
Computers - The Computers container holds all computers joined to the domain without a pre-created computer account. It is the default location for new computer accounts created in the domain.
Domain Controllers - The Domain Controllers OU is the default location for the computer accounts of domain controllers.
ForeignSecurityPrincipals - The ForeignSecurityPrincipals container holds proxy objects for security principals in NT 4.0 domains or domains outside of the forest.
LostAndFound - The LostAndFound container holds objects moved or created at the same time an Organizational Unit is deleted. Because of Active Directory replication, the parent OU can be deleted on one domain controller while administrators at other domain controllers add or move objects into the deleted OU before the change has replicated. During replication, such new objects are placed in the LostAndFound container.
NTDS Quotas - The NTDS Quotas container holds objects that define limits on the number of objects users and groups can own.
Program Data - The Program Data container holds application-specific data created by other programs. This container is empty until a program designed to store information in Active Directory uses it.
System - The System container holds configuration information about the domain, including security groups and permissions, the domain SYSVOL share, DFS configuration information, and IP security policies.
Users - The Users container holds additional predefined user and group accounts (besides those in the Builtin container). These users and groups are pre-assigned membership and permissions for completing domain and forest management tasks.

 Source:  https://sites.google.com/a/pccare.vn/it/ent-admin-pages/default-containers

Many engineers just create users, computers or security groups inside one of these containers, or just create OUs called Users and Workstations at the domain root. Personally I don't like engineers doing this, because it makes the OU structure harder to manage and creates a mess in the long run. Instead, creating a separate organizational unit (OU) named after your organization does the job.



If you have a small to medium organization to maintain, create a separate parent OU named after your organization. Add sub-OUs named Users, Computers and Groups to organize the objects.



This makes it much more convenient to maintain Active Directory (AD). Not only does it help you understand your AD, it also makes applying group policy easier, because you can create sub-OUs inside the parent OU.

For example, if my organization has floors or rooms, I can create OUs with those names and place my computers based on floor. Then I can easily apply a printing group policy to the computers on floor 1.
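As an added example (not the blog's own code) of the layout just described: a script that creates the organization parent OU with Users, Computers and Groups beneath it, adds a per-floor sub-OU under Computers and links a floor-specific printer GPO to it. It goes one step beyond the post by also redirecting the default locations for new users and computers into the new OUs. The organization name, floor names and GPO names are placeholders; the GPOs must already exist.

```powershell
# Added example (not the blog's own code): builds the parent-OU layout the post describes
# and links a GPO per floor. All names below are placeholders; replace them with your own.
Import-Module ActiveDirectory
Import-Module GroupPolicy   # needed for Get-GPO / New-GPLink (RSAT Group Policy tools)

$domainDN = (Get-ADDomain).DistinguishedName          # e.g. DC=corp,DC=example
$orgName  = 'Contoso'                                  # placeholder organization name

# Returns the DN of the OU, creating it only if it does not already exist (safe to re-run).
function New-OUIfMissing {
    param([string]$Name, [string]$ParentDN)
    $dn = "OU=$Name,$ParentDN"
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" -SearchBase $ParentDN -SearchScope OneLevel
    if (-not $existing) {
        # Protection from accidental deletion is on by default; set it explicitly anyway.
        New-ADOrganizationalUnit -Name $Name -Path $ParentDN -ProtectedFromAccidentalDeletion $true
    }
    return $dn
}

# Parent OU named after the organization, then Users / Computers / Groups beneath it.
$orgDN       = New-OUIfMissing -Name $orgName -ParentDN $domainDN
$usersDN     = New-OUIfMissing -Name 'Users'     -ParentDN $orgDN
$computersDN = New-OUIfMissing -Name 'Computers' -ParentDN $orgDN
$groupsDN    = New-OUIfMissing -Name 'Groups'    -ParentDN $orgDN

# Sub-OUs per floor under Computers, so a printer GPO can target one floor at a time.
$floors = @('Floor 1', 'Floor 2')                      # placeholder floor names
foreach ($floor in $floors) {
    $floorDN = New-OUIfMissing -Name $floor -ParentDN $computersDN
    $gpoName = "Printers - $floor"                     # placeholder GPO name; must already exist
    if (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue) {
        # New-GPLink errors if the link already exists, so ignore that on re-runs.
        New-GPLink -Name $gpoName -Target $floorDN -LinkEnabled Yes -ErrorAction SilentlyContinue
    }
}

# Point the domain's default locations for new users and computers at the new OUs
# (redirusr/redircmp), so new objects stop landing in the generic Users and Computers containers.
redirusr.exe $usersDN
redircmp.exe $computersDN
```

Run it as a domain administrator; re-running is harmless because each OU is only created when missing.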