Disable Inactive User Accounts
This script finds and disables user accounts that have been inactive for a certain number of days. This is useful for ensuring your AD environment remains secure and free from unused accounts.
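# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# Define the inactivity threshold (in days)
$inactivityDays = 90
$inactiveDate = (Get-Date).AddDays(-$inactivityDays)

# Get enabled users whose last recorded logon is older than the threshold.
# Accounts that have never logged on have no LastLogonDate and are not matched.
$inactiveUsers = Get-ADUser -Filter 'LastLogonDate -lt $inactiveDate -and Enabled -eq $true' -Properties LastLogonDate

# Disable each account and report it
foreach ($user in $inactiveUsers) {
    Disable-ADAccount -Identity $user.SamAccountName
    Write-Output "Disabled account: $($user.SamAccountName), Last Logon: $($user.LastLogonDate)"
}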
• Explanation: This script disables accounts that haven’t logged in for the specified number of days.
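A more cautious variant of the selection step, as an added example that is not part of the original script: it also ages never-logged-on accounts by creation date, skips an exclusion list, and allows for the fact that LastLogonDate comes from lastLogonTimestamp, which by default is only refreshed when it is 9 to 14 days old. The function name Select-StaleAccount, the 14-day slack, the svc-backup exclusion and the sample accounts are assumptions made for illustration.

```powershell
# Added example (not from the original page). Function name, slack value and
# exclusion list are assumptions; the sample accounts below are constructed.
function Select-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $InactivityDays = 90,
        [int] $SyncSlackDays = 14,      # LastLogonDate may lag the real logon by up to 14 days
        [string[]] $ExcludeSam = @(),   # e.g. service or break-glass accounts
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-($InactivityDays + $SyncSlackDays)) }
    process {
        if (-not $User.Enabled) { return }                          # already disabled
        if ($ExcludeSam -contains $User.SamAccountName) { return }  # explicitly protected
        # Never-logged-on accounts have no LastLogonDate: age them by creation
        # date so forgotten accounts are caught but new hires are not.
        $lastSeen = if ($User.LastLogonDate) { $User.LastLogonDate } else { $User.whenCreated }
        if ($lastSeen -lt $cutoff) { $User }
    }
}

# Constructed sample objects shaped like Get-ADUser output, for an offline dry run
$now = Get-Date '2024-06-01'
function New-SampleUser($Sam, $Enabled, $LogonAgeDays, $CreatedAgeDays) {
    [pscustomobject]@{
        SamAccountName = $Sam
        Enabled        = $Enabled
        LastLogonDate  = if ($null -ne $LogonAgeDays) { $now.AddDays(-$LogonAgeDays) } else { $null }
        whenCreated    = $now.AddDays(-$CreatedAgeDays)
    }
}
$sample = @(
    New-SampleUser 'alice'      $true  200   900   # long inactive
    New-SampleUser 'bob'        $true  95    900   # past 90 days but inside the slack window
    New-SampleUser 'carol'      $true  $null 400   # never logged on, old account
    New-SampleUser 'dave'       $true  $null 10    # never logged on, newly created
    New-SampleUser 'svc-backup' $true  300   900   # stale but excluded
    New-SampleUser 'erin'       $false 300   900   # already disabled
)
$sample | Select-StaleAccount -Now $now -ExcludeSam 'svc-backup' |
    Select-Object SamAccountName, LastLogonDate

# Against a live directory, preview first with -WhatIf, then remove it to apply:
# Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, whenCreated |
#     Select-StaleAccount -ExcludeSam 'svc-backup' |
#     Disable-ADAccount -WhatIf
```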