Filtering Active Directory users by dates and datemodified property

Hi there,

I am looking at automating a resignation process when an a person at an organisation leaves.

Currently the way the service desk do it manually is that when the intranet disables the user it puts the date when the user got disabled in the description property. The way it is written in the Description field is like

"Disabled 29/06 -Refer 1233236 "
and the modified field in ADi s written as 29/06/2015

(sorry about the date notation, I am a New Zealander).

They match that with the modified field and after two weeks they then proceed to do the necessary removing of group memberships etc.

The aspect that I am struggling with is the logic Powershell will use to determine based on the requirements of the business, and how that would be written.

I can get the list of users like so

get-aduser -filter * -Properties description | where {$_.description -like "*disabled*"}

but I am unsure how to evaluate it further…

This is an interesting exercise and I would love to have a basis to work off…any ideas/examples that I can use would be most appreciated.

Wei-Yen Tan

Well, I’d start by filtering as much as possible in the -filter parameter, rather than using * as you’re doing. As-is, you’re querying the entire domain, which is overkill.

But for the date comparison what exactly are you looking for? The last modified date in AD being greater than two weeks?