Best way to remove old accounts from AD

lalajee 1,821 Reputation points
2023-06-26T21:41:30.2833333+00:00

Hi,

We have over 6000 accounts which are disabled and enabled but have not logged in for more than 6 months.

How do I identify which accounts are in use and which accounts are not in use?

Does anyone have a script which they use to clear old accounts from AD?


1 answer

  1. Dillon Silzer 57,831 Reputation points Volunteer Moderator
    2023-06-26T22:04:36.2+00:00

    Hello lalajee,

    Take a look at the following article:

    Regularly check for and remove inactive user accounts in Active Directory

    https://learn.microsoft.com/en-us/services-hub/health/remediation-steps-ad/regularly-check-for-and-remove-inactive-user-accounts-in-active-directory

    # List users whose password or last logon is older than 180 days
    $d = [DateTime]::Today.AddDays(-180)
    Get-ADUser -Filter '(PasswordLastSet -lt $d) -or (LastLogonTimestamp -lt $d)' -Properties PasswordLastSet,LastLogonTimestamp |
        Format-Table Name,PasswordLastSet,@{N="LastLogonTimestamp";E={[datetime]::FromFileTime($_.LastLogonTimestamp)}}
    

    Hope this helps.


    If this is helpful please accept answer.
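
An added example, not part of the answer above or of the linked article: a report-only classifier that separates stale, never-logged-on and recently created accounts, answering the "in use or not" part of the question. The function name `Get-AccountStaleness`, the 14-day slack and the sample accounts are assumptions made for illustration.

```powershell
# Added example (not from the answer): classify accounts by inactivity.
function Get-AccountStaleness {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $InactiveDays = 180,            # same window as the answer's query
        [int] $SyncSlackDays = 14,            # assumption: default lastLogonTimestamp update lag
        [datetime] $Now = [datetime]::Today
    )
    process {
        $cutoff = $Now.AddDays(-($InactiveDays + $SyncSlackDays))
        $state = if ($null -eq $User.LastLogonDate) {
            # Attribute unset: a "LastLogonTimestamp -lt" comparison never matches
            # these, so judge them by account age instead.
            if ($User.whenCreated -lt $cutoff) { 'NeverLoggedOn' } else { 'NewAccount' }
        } elseif ($User.LastLogonDate -lt $cutoff) {
            'Stale'
        } else {
            'Active'
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Enabled        = $User.Enabled
            LastLogonDate  = $User.LastLogonDate
            State          = $state
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (hypothetical accounts).
$now = [datetime]'2023-06-26'
$sample = @(
    [pscustomobject]@{ SamAccountName='jdoe';    Enabled=$true;  LastLogonDate=[datetime]'2023-06-01'; whenCreated=[datetime]'2020-01-10' }
    [pscustomobject]@{ SamAccountName='asmith';  Enabled=$true;  LastLogonDate=[datetime]'2022-09-15'; whenCreated=[datetime]'2019-03-02' }
    [pscustomobject]@{ SamAccountName='svc-old'; Enabled=$false; LastLogonDate=$null;                  whenCreated=[datetime]'2018-11-20' }
    [pscustomobject]@{ SamAccountName='newhire'; Enabled=$true;  LastLogonDate=$null;                  whenCreated=[datetime]'2023-06-20' }
)
$sample | Get-AccountStaleness -Now $now | Sort-Object State | Format-Table -AutoSize

# Live use (requires the ActiveDirectory module): report only, nothing is changed.
# Get-ADUser -Filter * -Properties LastLogonDate,whenCreated |
#     Get-AccountStaleness | Export-Csv .\stale-accounts.csv -NoTypeInformation
```

The slack exists because `lastLogonTimestamp` is updated only periodically and can trail the real last logon. Review service accounts in the report before disabling anything.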

