Active Directory script

Hello

I’m searching for a PowerShell script for AccountDisabled with a time value.

This one works fine, but I want to know the users disabled in the last 30 days only, and not all of AD.

Possible?

Thank you

Search-ADAccount -AccountDisabled -UsersOnly -ResultPageSize 2000 -ResultSetSize $null | Select-Object SamAccountName, DistinguishedName


You can get the AccountExpirationDate property from Get-ADUser:

$today = Get-Date
$user = Get-AdUser -Filter {(Enabled -eq $True) -and (AccountExpirationDate -lt $Today)} -Properties AccountExpirationDate

If I understood correctly, you want to find users who have been disabled in the past 30 days. You could look into the whenChanged and Enabled attributes, but the account might be changed by some other attribute, thus it would not be solid data.

This is the closest that I can come up with: find disabled users and then check when the userAccountControl flag was last set.

[pre]

Get-ADUser -Filter {Enabled -eq $false} | Get-ADReplicationAttributeMetadata -Server (Get-ADDomain).PDCEmulator | Where-Object {$_.AttributeName -eq "userAccountControl" -and $_.LastOriginatingChangeTime -ge (Get-Date).AddDays(-30)}

[/pre]
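The replication-metadata approach from the last reply, written out as a report that keeps the user's name next to the change time and the originating domain controller. This is an added example, not code from any poster in the thread; the variable names and output column names are assumptions chosen for illustration.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$days   = 30                                   # look-back window from the question
$cutoff = (Get-Date).AddDays(-$days)
$pdc    = (Get-ADDomain).PDCEmulator           # query a single DC so all metadata comes from one replica

$report = Get-ADUser -Filter 'Enabled -eq $false' -Server $pdc |
    ForEach-Object {
        $user = $_
        # Ask only for userAccountControl metadata instead of every attribute on the object
        $meta = Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName `
                    -Server $pdc -Properties userAccountControl
        if ($meta -and $meta.LastOriginatingChangeTime -ge $cutoff) {
            [pscustomobject]@{
                SamAccountName    = $user.SamAccountName
                DistinguishedName = $user.DistinguishedName
                UacLastChanged    = $meta.LastOriginatingChangeTime
                UacVersion        = $meta.Version   # number of writes to the attribute
                OriginatingDC     = $meta.LastOriginatingChangeDirectoryServerIdentity
            }
        }
    }

# Newest changes first
$report | Sort-Object UacLastChanged -Descending | Format-Table -AutoSize
```

The timestamp is the last write to userAccountControl, so an account that was disabled earlier and had another flag changed inside the window also appears in the report.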