PowerShell – Report Inactive AD Users

Recently I've started playing a bit with PowerShell, and here's a script that I created to audit inactive user accounts in Active Directory. In short, the script searches for inactive users in a specific OU as well as all its child OUs.

Then, if there are inactive users, it sends an email to each OU's manager containing the following information, and archives all the HTML files in a folder.

Inactive User Report

Note that in my case, all users' OUs are within the same OU, such as:

USER
-->Finance
-->Administration
-->Marketing

So here's the script:

—————————–

#Import AD Module if required
if(@(Get-Module | Where-Object {$_.Name -eq "ActiveDirectory"}).Count -eq 0) {Import-Module ActiveDirectory}

#Define variables
$fragments=@()
$lastDays=90

#Report archive folder
$folderPath="$env:temp\"
$smtp = "ENTERSMTPSERVERNAME"
$from = "EMAILFROM@YOURDOMAIN.COM"

#Get child OUs (SearchScope 2 = Subtree)
$searchOU = Get-ADOrganizationalUnit -SearchBase "ENTER_ROOT_OU_DISTINGUISHEDNAME" -Filter * -SearchScope 2

if($searchOU){

    foreach ($OU in $searchOU){

        $OUName = $OU.Name

        #Define HTML format
        $head = @"
<style>
body { background-color:#FAFAFA;font-family:Arial;font-size:12pt; }
td, th { border:1px solid black;border-collapse:collapse; }
th { color:white;background-color:black; }
table, tr, td, th { padding: 2px; margin: 0px }
tr:nth-child(odd) {background-color: lightgray}
table { margin-left:50px; }
</style>
<H2>This report lists inactive users in $OUName OU<BR></H2>
"@

        #Users directly in this OU (SearchScope 1 = OneLevel) that have been inactive for $lastDays days.
        #Pass a real TimeSpan: an integer would be converted as ticks, not days.
        $users = Search-ADAccount -SearchBase $OU.DistinguishedName -AccountInactive -TimeSpan (New-TimeSpan -Days $lastDays) -UsersOnly -SearchScope 1 `
            | Get-ADUser -Properties DisplayName,Description,LastLogonDate,WhenCreated `
            | Sort-Object DisplayName `
            | Select-Object @{n='User Name';e={$_.DisplayName}},@{n='UserID';e={$_.samAccountName}} `
            ,Description,@{n='Last Logon Date';e={$_.lastLogonDate}},@{n='Created On';e={$_.WhenCreated}} `
            ,@{n='Enabled';e={$_.Enabled}}

        if ($users -ne $NULL){

            $fragments += $users | ConvertTo-HTML -Fragment
            $filePath = Get-Date -UFormat ($folderPath + $OUName + "_%d%m%Y.htm")

            #Archive the report as an HTML file
            ConvertTo-HTML -Head $head -Body $fragments -PostContent "<br><br><i>report generated: $(Get-Date)</i>" `
                | Out-File -FilePath $filePath -Encoding ascii

            #The OU's ManagedBy attribute holds the manager's distinguished name
            $to = $OU.ManagedBy | Get-ADObject -Properties mail | Select-Object -ExpandProperty mail
            $subject = "Report - Inactive user"
            $body = (Get-Content $filePath) | Out-String

            #Skip the mail when the OU has no manager or the manager has no mail attribute
            if ($to) {
                Send-MailMessage -SmtpServer $smtp -To $to -From $from -Subject $subject -Body $body -BodyAsHtml
            }

            $obj = $NULL
            $fragments = $NULL
            $users = $NULL

        }
    }
}

Remove-Variable * -Force -ErrorAction SilentlyContinue
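The report's Last Logon Date, Created On and Enabled columns are enough to triage each row before anyone disables an account. The following is an added example, not part of the original script: the function name, its parameters and the status labels are hypothetical, the sample rows are constructed, and the 14-day slack assumes the default interval at which AD updates the replicated lastLogonTimestamp value behind LastLogonDate.

```powershell
# Added example: triage rows shaped like the report's columns.
# Function, parameter and status names are hypothetical; sample rows are constructed.
function Get-InactivityStatus {
    param(
        [Parameter(Mandatory)] $User,
        [datetime] $AsOf = (Get-Date),
        [int] $InactiveDays = 90,
        # Assumption: default lastLogonTimestamp update interval of up to 14 days
        [int] $SlackDays = 14
    )
    $cutoff = $AsOf.AddDays(-$InactiveDays)

    # Already disabled: nothing to act on, but worth listing for cleanup
    if (-not $User.Enabled) { return 'AlreadyDisabled' }

    if ($null -eq $User.LastLogonDate) {
        # No recorded logon: only stale if the account is older than the window
        if ($User.WhenCreated -gt $cutoff) { return 'NewNeverLoggedOn' }
        return 'StaleNeverLoggedOn'
    }

    if ($User.LastLogonDate -gt $cutoff) { return 'Active' }

    # The real last logon can be up to $SlackDays later than the replicated value
    if ($User.LastLogonDate -gt $cutoff.AddDays(-$SlackDays)) { return 'Borderline' }

    return 'Inactive'
}

# Constructed sample data, evaluated as of a fixed date so the result is repeatable
$asOf = [datetime]'2024-06-01'
$rows = @(
    [pscustomobject]@{ UserID='user.a'; LastLogonDate=[datetime]'2024-05-20'; WhenCreated=[datetime]'2021-03-01'; Enabled=$true }
    [pscustomobject]@{ UserID='user.b'; LastLogonDate=[datetime]'2024-02-25'; WhenCreated=[datetime]'2021-03-01'; Enabled=$true }
    [pscustomobject]@{ UserID='user.c'; LastLogonDate=[datetime]'2023-11-02'; WhenCreated=[datetime]'2019-07-15'; Enabled=$true }
    [pscustomobject]@{ UserID='user.d'; LastLogonDate=$null; WhenCreated=[datetime]'2024-05-10'; Enabled=$true }
    [pscustomobject]@{ UserID='user.e'; LastLogonDate=$null; WhenCreated=[datetime]'2022-01-05'; Enabled=$true }
    [pscustomobject]@{ UserID='user.f'; LastLogonDate=[datetime]'2023-01-01'; WhenCreated=[datetime]'2018-01-01'; Enabled=$false }
)

$rows | Select-Object UserID,
    @{n='Status';e={ Get-InactivityStatus -User $_ -AsOf $asOf }} |
    Sort-Object Status | Format-Table -AutoSize
```

Rows that come back as Borderline or NewNeverLoggedOn are the ones to confirm with the OU manager before treating the account as abandoned.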
