A PowerShell script to analyze and report active and inactive AD objects.
How the script was made and what to take care of.
How can I find out which Active Directory objects are inactive and which are active?
Lately I repeatedly have had to prepare reports of active and inactive Active Directory objects. For this purpose, I wrote a small Powershell script which searches for enabled and disabled users and computers via a LDAP-filter.
For the computers I additionally distinguished between server- and client-operation systems. Because groups cannot be disabled I distinguished between groups with and without members.
I did not use Quest cmdlets this time, because searching with ‘native’ tools is faster and uses fewer resources.
PowerShell script: active and inactive AD objects
This is the complete PowerShell script: