From 779d2ad2dd6e3436452e7b27215ef523917b36fa Mon Sep 17 00:00:00 2001
From: Corbin <corbin@cbarts.net>
Date: Mon, 13 May 2024 12:16:47 -0400
Subject: [PATCH] Refactor user search and filtering, disabling. Include
 DisplayName

---
 ad/Disable-InactiveAdUser.ps1 | 38 +++++++++++------------------------
 1 file changed, 12 insertions(+), 26 deletions(-)

diff --git a/ad/Disable-InactiveAdUser.ps1 b/ad/Disable-InactiveAdUser.ps1
index 7934c21..3ae67bd 100644
--- a/ad/Disable-InactiveAdUser.ps1
+++ b/ad/Disable-InactiveAdUser.ps1
@@ -2,50 +2,36 @@
 # Disable-InactiveAdUser
 # 
 
+$MaxAccountAge = 45
+$UsersOU = "OU=Users - Synced,OU=_Quantum Leap,DC=QLCOM,DC=COM"
+
 $SmtpServer = 'qlmi-com.mail.protection.outlook.com'
 $SmtpPort = 25
 $SmtpFrom = 'Quantum Leap Security <security@qlmi.com>'
 $SmtpTo = @(
     'security@qlmi.com'
 )
-
-$MaxAccountAge = 45
-$UsersOU = "OU=Users - Synced,OU=_Quantum Leap,DC=QLCOM,DC=COM"
+$SmtpSubject = "Disabled inactive AD accounts over max age $MaxAccountAge days"
 
 # Get a list of enabled AD users who have not logged in in $MaxAccountAge days
-$Users = Get-ADUser -Filter 'enabled -eq $true' -SearchBase "$UsersOU" | % {
-    New-Object PSObject -Property @{
-        "userPrincipalName" = $_.userPrincipalName
-        "Enabled" = $_.Enabled
-        "lastLogon" = [DateTime]::FromFileTime(($_ | Get-ADObject -Properties lastLogon).LastLogon)
-        "distinguishedName" = $_.distinguishedName
-    }
-} | Where-Object -FilterScript { $_.lastLogon -lt (Get-Date).AddDays(-$MaxAccountAge) }
-
-# Export a report of the users
-if (!(Test-Path -Path 'C:\temp')) {
-    New-Item -Path 'C:\temp' -ItemType Directory -ErrorAction SilentlyContinue
-}
-$ReportPath = Join-Path -Path 'C:\temp' -ChildPath "disabled_users_$(Get-Date -UFormat '%s').csv"
-$Users | Export-Csv -NoTypeInformation -Path $ReportPath
+$Users = Get-ADUser -SearchBase "$UsersOU" -Filter * -Properties * `
+   | where { $_.Enabled -eq $true -and [DateTime]::FromFileTime($_.lastLogon) -lt (Get-Date).AddDays(-$MaxAccountAge) } `
+   | select DisplayName,userPrincipalName,lastLogon,distinguishedName | % { $_.lastLogon = [DateTime]::FromFileTime($_.lastLogon); $_ }
 
 # Disable the accounts
-foreach ($User in $Users) {
-    Disable-ADAccount -Identity $User.distinguishedName
-}
+$Users | Disable-ADAccount
 
-# Email the report
-if (($Users.Enabled).Count -gt 0) {
+# Email a report
+if (($Users.distinguishedName).Count -gt 0) {
     $EmailBody = @"
 <h2>Users Disabled</h2><br/>
 <p>The following user accounts have been disabled:</p>
 <ul>
-    $($Users | % { "<li>$($_.userPrincipalName), not logged in since $($_.lastLogon)</li>" })
+    $($Users | % { "<li>$($_.DisplayName) &lt;$($_.userPrincipalName)&gt;, not logged in since $($_.lastLogon)</li>" })
 </ul><br/>
 <p>This email was sent automatically. Please do not reply.</p>
 "@
 
     Send-MailMessage -SmtpServer $SmtpServer -Port $SmtpPort -UseSsl -From $SmtpFrom -To $SmtpTo `
-        -Subject "Disabled inactive AD accounts over max age $MaxAccountAge days" `
-        -Body "$EmailBody" -BodyAsHtml
+        -Subject $SmtpSubject -Body "$EmailBody" -BodyAsHtml
 }