I have several hundred Service Accounts I am auditing and then I am disabling any account that has not been logged into at all, or any service account that has not been logged into in over 730 days/2 years . I am using PowerShell to first check the logon date, and then simply using Get-Aduser -identity xxx | Disable-Adaccount . For the accounts that have been logged into, PowerShell disables the accounts accordingly. But the accounts that have never been logged into, the LastLogonDate is Null, PowerShell does not return any errors, but when I run Get-Aduser the account remain True/Active. I can not figure out why PowerShell won't disable the account, but if I access ADAC or ADUC directly, I can disable them with out a problem. Is there a valid reason for this? Or is there a way to back check if the service is actively running on a remote server, which would be locking or blocking the account from being disabled? Or lastly, is there a line of code I can add that will allow PowerShell to disable these accounts?