The difference between the two method of exporting AD user that was disabled in

Hi People,

I need your help and assistance in explaining the Powershell to export the list of AD user that was disabled in the past 180 days or 6 months.

There are two methods, I just need to know which one is the correct one to use?

Script 1 from this forum: When an account is disabled, the userAccountControl attribute is set to 514. Therefore, with Get-ADReplicationAttributeMetadata to find out when that attribute was the last set

$disabledUsers = Get-ADObject -Filter "ObjectClass -eq 'User' -and userAccountControl -eq '514'"

foreach ($disabledUser in $disabledUsers)
{
Get-ADReplicationAttributeMetadata $disabledUser -Server localhost |
Where-Object { $_.AttributeName -eq 'UserAccountControl' } | Select Object, LastOriginatingChangeTime |
Where-Object { $_.LastOriginatingChangeTime -gt (Get-Date).AddDays(-180) }
}

Script 2 was already customized fully using the most common Get-ADUser cmdlet.

$domainDN = (Get-ADDomain).DistinguishedName

$excludeOUs = @(
'OU=Shared Mailbox'
'OU=Company Leaver'
) | ForEach-Object { $_ + ',' + $domainDN }

$Past = -180
$Days = (Get-Date).AddDays($Past)
$ResultPath = "C:\TEMP\ADLastLogonPast_$($Past)_Days.csv"
$properties = @('Name', 'mail', 'physicalDeliveryOfficeName', 'DisplayName', 'title', 'SamAccountName', 'CanonicalName', 'lastlogondate')
$filter = { (LastLogonDate -notlike '*' -or LastLogonDate -le $Days) -and (passwordLastSet -le $Days) -and (enabled -eq $True) -and (PasswordNeverExpires -eq $false) -and (whenCreated -le $Days) }

Get-ADUser -properties $properties -Filter $filter -SearchBase $domainDN |
Select-Object DisplayName,
Title,
PhysicalDeliveryOfficeName,
UserPrincipalName,
LastLogonDate,
@{ n = 'LastLogonDaysAgo'; e = { [int]((Get-Date) - $_.LastLogonDate).TotalDays } },
@{ n = 'CN'; e = { Split-Path $_.CanonicalName -Parent } },
@{ n = 'ParentContainer'; e = { $_.DistinguishedName -replace '^CN=.*?(?=CN|OU)' } } | Where-Object {
($_.SamAccountName -notmatch '^(Calendar|Room|Account|Fax|Team|Office|Test|User|SM_|HealthMailbox|SVC)$') -and
($excludeOUs -notcontains $_.ParentContainer)
} |
Export-Csv -NoTypeInformation -Path $ResultPath

Thank you in advance for your explanation & assistance in this matter.

IT,

When you crosspost the same question at the same time to different forums you should at least post links to the other forums along with your question to avoid people willing to you help making their work twice or more.

https://stackoverflow.com/questions/61542974/powershell-to-get-the-ad-user-that-was-disabled-in-the-past-6-months-confusion

Thanks

Really?? … you seem to work with IT for about 10 years and I assume with Powershell for some years as well. And you really don’t know how to format output to your needs or to use Select-Object? And you don’t know as well how to find the information you need to accomplish such a task? I think you’re just beeing lazy.

Done that, I have reduced the scope of the question here to just explain to me which cmdlets and script can be developed further.

So all is good, relax man, chill out and take it easy.

I’d have to agree with Olaf. You haven’t even attempted to adapt either of the scripts for your needs?

[quote quote=224739]I’d have to agree with Olaf. You haven’t even attempted to adapt either of the scripts for your needs?

[/quote]

That’s why I have reduced the scope of this question to just a discussion, as I do not have experience in this advance Powershell scripting.