Audit all users in Active Directory

This outputs every user in the domain with its creation date, last logon timestamp converted to dd/MM/yyyy format, account expiration date, and Enabled value, and writes the result to output.csv.

Get-ADUser -Filter * -Properties whenCreated, LastLogonTimestamp, AccountExpirationDate | Select-Object DistinguishedName, whenCreated, @{Name='LastLogonTimestamp'; Expression={ if ($_.LastLogonTimestamp) { [DateTime]::FromFileTime($_.LastLogonTimestamp).ToString("dd/MM/yyyy") } }}, AccountExpirationDate, Enabled | Export-Csv output.csv -NoTypeInformation

Add the following parameter to the Get-ADUser command to limit the search to a specific OU:

-SearchBase "OU=staff,ou=users,ou=business,dc=work,dc=com"

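Pipe the Get-ADUser output through the following filter to exclude any objects in the sub OU 'Archive'. It matches on the whole distinguished name, so any object with "Archive" anywhere in its DN is excluded as well: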

| Where {$_.DistinguishedName -notlike '*Archive*'}

Add the following parameter to the Get-ADUser command so that sub OUs are not searched:

-SearchScope OneLevel

Example below with -SearchBase and -SearchScope combined:

Get-ADUser -Filter * -SearchBase "OU=staff,ou=users,ou=business,dc=work,dc=com" -SearchScope OneLevel -Properties whenCreated, LastLogonTimestamp, AccountExpirationDate | Select-Object DistinguishedName, whenCreated, @{Name='LastLogonTimestamp'; Expression={ if ($_.LastLogonTimestamp) { [DateTime]::FromFileTime($_.LastLogonTimestamp).ToString("dd/MM/yyyy") } }}, AccountExpirationDate, Enabled | Export-Csv output.csv -NoTypeInformation
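
The same audit logic as a reusable function, added here as an example and not part of the original post. It handles accounts that have never logged on, excludes the 'Archive' OU by matching a whole DN component, and flags enabled accounts with no recent logon. The function name ConvertTo-UserAuditRow, the 90-day threshold and the sample users are assumptions made for illustration.

```powershell
# Added example: ConvertTo-UserAuditRow is a hypothetical helper.
function ConvertTo-UserAuditRow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string]   $ExcludeOU = 'Archive',  # OU name to skip
        [int]      $StaleDays = 90,         # assumed review threshold
        [datetime] $Now       = (Get-Date)
    )
    begin {
        # Match "OU=Archive" as a whole DN component rather than a substring,
        # so a user named "Archived Reports" is not silently dropped.
        $ouPattern = '(?<!\\),OU=' + [regex]::Escape($ExcludeOU) + '(,|$)'
        $inv = [cultureinfo]::InvariantCulture  # keeps "/" as the separator
    }
    process {
        if ($User.DistinguishedName -match $ouPattern) { return }
        # A null or zero lastLogonTimestamp means the account never logged on;
        # FromFileTime(0) would otherwise report a date in the year 1601.
        $ft = [int64]$User.LastLogonTimestamp
        if ($ft -gt 0) {
            $last = [DateTime]::FromFileTime($ft)
            $text = $last.ToString('dd/MM/yyyy', $inv)
            $days = [int][math]::Floor(($Now - $last).TotalDays)
        } else {
            $text = 'never'
            $days = $null
        }
        [pscustomobject]@{
            DistinguishedName = $User.DistinguishedName
            Enabled           = $User.Enabled
            LastLogon         = $text
            DaysSinceLogon    = $days
            Stale             = $User.Enabled -and ($ft -eq 0 -or $days -ge $StaleDays)
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output.
$base = 'OU=staff,OU=users,OU=business,DC=work,DC=com'
$sample = @(
    [pscustomobject]@{ DistinguishedName = "CN=Ann Lee,$base"; Enabled = $true; LastLogonTimestamp = [datetime]::new(2024, 5, 20).ToFileTime() }
    [pscustomobject]@{ DistinguishedName = "CN=Archived Reports,$base"; Enabled = $true; LastLogonTimestamp = [datetime]::new(2023, 11, 2).ToFileTime() }
    [pscustomobject]@{ DistinguishedName = "CN=New Hire,$base"; Enabled = $true; LastLogonTimestamp = $null }
    [pscustomobject]@{ DistinguishedName = "CN=Old Temp,OU=Archive,$base"; Enabled = $false; LastLogonTimestamp = [datetime]::new(2022, 3, 1).ToFileTime() }
)
$sample | ConvertTo-UserAuditRow -Now ([datetime]::new(2024, 6, 1)) | Format-Table -AutoSize
```

Against a live domain, pipe the output of Get-ADUser -Filter * -Properties LastLogonTimestamp into the function in place of $sample. lastLogonTimestamp is replicated between domain controllers only periodically (by default it can lag by up to about 14 days), so treat the day counts as approximate.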