PowerShell to find enabled user objects per OU in Active Directory

SO you’ve been tasked with trying to find out how many user objects exist i your domain, but the OU structure is so disorganised, you don’t know where to start?

This simple PowerShell script will tweeze out all any user objects no matter where they are hidden, so long as the account context you run it in can see them.
Continue reading PowerShell to find enabled user objects per OU in Active Directory

PowerShell to find unused AD user accounts

When you run scripts to find Active Directory user accounts that haven’t been used in a while, one thing the standard approach misses is accounts that have never been used.

Finding Active Directory user accounts that have never been used is a little tricky, in that the lastlogontimestamp is NULL although the attribute type is a large integer.  Querying this in PowerShell requires a back-to-front approach as we can’t query if the value is NULL, we have to query if the value is not ‘not-NULL’…. i.e. lastlogontimestamp -like “*”

Continue reading PowerShell to find unused AD user accounts