Managing Active Directory Attributes
Here is a script that dumps disabled user and computer accounts in AD to a CSV file:
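Import-Module -Name ActiveDirectory
# Timestamp keeps each run in its own file
$DateTime = Get-Date -Format "MM_dd_yyyy_HH_mm"
$FileName = "Disabled_Accounts_$DateTime"
# Export-Csv writes real CSV rows; redirecting with >> would write formatted table text
Search-ADAccount -AccountDisabled |
    Select-Object Name,ObjectClass |
    Export-Csv -Path "c:\Scripts\$FileName.csv" -NoTypeInformation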
In the previous script, if you want to look only for disabled user accounts or only for disabled computer accounts, change the cmdlet in the last line as follows:
Search-ADAccount -AccountDisabled -UsersOnly
Search-ADAccount -AccountDisabled -ComputersOnly
The Search-ADAccount cmdlet is useful if you want to find accounts by attributes such as expiring passwords, accounts whose passwords are set to never expire, locked out accounts, and so on. Here are some of the examples and, as always, you can get help for the command using Get-Help Search-ADAccount.
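A combined account review built from several Search-ADAccount switches, added here as an example that is not part of the original text. It assumes the ActiveDirectory module and a reachable domain; the 30-day and 90-day windows, the finding labels and the Account_Review file name are illustrative choices.

```powershell
Import-Module -Name ActiveDirectory

# Each label maps to the Search-ADAccount parameters that find that state.
# Labels and time windows are assumptions for this example; tune them to your policy.
$Checks = [ordered]@{
    'Disabled'             = @{ AccountDisabled = $true }
    'LockedOut'            = @{ LockedOut = $true }
    'PasswordNeverExpires' = @{ PasswordNeverExpires = $true }
    'PasswordExpired'      = @{ PasswordExpired = $true }
    'AccountExpiring30d'   = @{ AccountExpiring = $true; TimeSpan = (New-TimeSpan -Days 30) }
    # AccountInactive relies on lastLogonTimestamp, which replicates lazily,
    # so treat results near the cutoff as approximate.
    'Inactive90d'          = @{ AccountInactive = $true; TimeSpan = (New-TimeSpan -Days 90) }
}

# Run every check against user accounts and tag each hit with its finding.
$Report = foreach ($Finding in $Checks.Keys) {
    $Params = $Checks[$Finding]
    Search-ADAccount @Params -UsersOnly |
        Select-Object @{ Name = 'Finding'; Expression = { $Finding } },
                      Name, SamAccountName, Enabled, LastLogonDate,
                      DistinguishedName
}

# Per-finding counts on screen.
$Report | Group-Object -Property Finding | Select-Object Name, Count

# Accounts that appear under more than one finding deserve a first look,
# for example a disabled account whose password never expires.
$Report | Group-Object -Property SamAccountName |
    Where-Object { $_.Count -gt 1 } |
    Select-Object Name, @{ Name = 'Findings'; Expression = { $_.Group.Finding -join ';' } }

# Full detail to a timestamped CSV, same folder as the script above.
$DateTime = Get-Date -Format "MM_dd_yyyy_HH_mm"
$Report | Export-Csv -Path "c:\Scripts\Account_Review_$DateTime.csv" -NoTypeInformation
```

Add -ComputersOnly in place of -UsersOnly to run the same review against computer accounts.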
If you are reviewing your current Active Directory for security vulnerabilities, one of the things that...