38 lines
1.3 KiB
PowerShell
38 lines
1.3 KiB
PowerShell
#
|
|
# Disable-InactiveAdUser
|
|
#
|
|
|
|
$MaxAccountAge = 45
|
|
$UsersOU = "OU=Users - Synced,OU=_Quantum Leap,DC=QLCOM,DC=COM"
|
|
|
|
$SmtpServer = 'qlmi-com.mail.protection.outlook.com'
|
|
$SmtpPort = 25
|
|
$SmtpFrom = 'Quantum Leap Security <security@qlmi.com>'
|
|
$SmtpTo = @(
|
|
'security@qlmi.com'
|
|
)
|
|
$SmtpSubject = "Disabled inactive AD accounts over max age $MaxAccountAge days"
|
|
|
|
# Get a list of enabled AD users who have not logged in in $MaxAccountAge days
|
|
$Users = Get-ADUser -SearchBase "$UsersOU" -Filter * -Properties * `
|
|
| where { $_.Enabled -eq $true -and [DateTime]::FromFileTime($_.lastLogon) -lt (Get-Date).AddDays(-$MaxAccountAge) } `
|
|
| select DisplayName,userPrincipalName,lastLogon,distinguishedName | % { $_.lastLogon = [DateTime]::FromFileTime($_.lastLogon); $_ }
|
|
|
|
# Disable the accounts
|
|
$Users | Disable-ADAccount
|
|
|
|
# Email a report
|
|
if (($Users.distinguishedName).Count -gt 0) {
|
|
$EmailBody = @"
|
|
<h2>Users Disabled</h2><br/>
|
|
<p>The following user accounts have been disabled:</p>
|
|
<ul>
|
|
$($Users | % { "<li>$($_.DisplayName) <$($_.userPrincipalName)>, not logged in since $($_.lastLogon)</li>" })
|
|
</ul><br/>
|
|
<p>This email was sent automatically. Please do not reply.</p>
|
|
"@
|
|
|
|
Send-MailMessage -SmtpServer $SmtpServer -Port $SmtpPort -UseSsl -From $SmtpFrom -To $SmtpTo `
|
|
-Subject $SmtpSubject -Body "$EmailBody" -BodyAsHtml
|
|
}
|