Hello
I’m searching a powershell script for AccountDisabled with value of time
This one works fine but i want to know the disabled user in the last 30 days only, and not all the AD
Possible?
Thank you
Search-ADAccount –AccountDisabled –UsersOnly –ResultPageSize 2000 –ResultSetSize $null | Select-Object SamAccountName, DistinguishedName
You can get the AccountExpirationDate property from Get-ADUser:
$today = Get-Date
$user = Get-AdUser -Filter {(Enabled -eq $True) -and (AccountExpirationDate -lt $Today)} -Properties AccountExpirationDate
If I understood correctly you want to find users who has been disabled in the past 30 days. you could look in to whenChanged and Enabled attributes, but the account might be changed by some other attribute thus it would not be solid data.
This is the closest that I can come up to find disabled users and then check when the userAccountControl flag has been set the last time.
[pre]
get-aduser -Filter {enabled -eq $false} | Get-ADReplicationAttributeMetadata -Server (Get-ADDomain).pdcemulator | where {$.attributename -eq “userAccountControl” -and $.LastOriginatingChangeTime -ge (get-date).adddays(-30)}
[/pre]