Hello @David Boudreau
You can use a different approach by checking user accounts that have not changed their passwords the last six months, and then disabling and removing those accounts from Active Directory.
In Active Directory Module for Windows PowerShell, run the following script to list the user accounts where the password has not changed in the last six months.
$d = [DateTime]::Today.AddDays(-180)
Get-ADUser -Filter '(PasswordLastSet -lt $d) -or (LastLogonTimestamp -lt $d)' -Properties PasswordLastSet,LastLogonTimestamp | ft Name,PasswordLastSet,@{N="LastLogonTimestamp";E={[datetime]::FromFileTime($_.LastLogonTimestamp)}}
Hope this resolves your Query!!
--
--If the reply is helpful, please Upvote and Accept it as an answer--