A PowerShell script to analyze and report active and inactive AD objects.
How the script was made and what to take care of.
How can I find out which Active Directory objects are inactive and which are active?
Lately I have repeatedly had to prepare reports of active and inactive Active Directory objects. For this purpose, I wrote a small PowerShell script which searches for enabled and disabled users and computers via an LDAP filter.
For the computers, I additionally distinguished between server and client operating systems. Because groups cannot be disabled, I distinguished between groups with and without members.
I did not use Quest cmdlets this time, because searching with ‘native’ tools is faster and uses fewer resources.
PowerShell script: active and inactive AD objects
This is the complete PowerShell script:
# Bind to the domain root and set up a paged searcher (no result size limit).
$searchRoot = "LDAP://DC=firstattribute,DC=de"
$searchRootDirEntry = New-Object System.DirectoryServices.DirectoryEntry($searchRoot)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($searchRootDirEntry)
$searcher.PageSize = 1000
$searcher.SizeLimit = 0
Write-Host "Search results for domain : " $searchRootDirEntry.name
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Users. 1.2.840.113556.1.4.803 is the bitwise-AND matching rule;
# bit 2 of userAccountControl is set when the account is disabled.
# Negations are written in the strict form (!(filter)).
Write-Host " "
$searcher.Filter = "(&(objectClass=user)(objectCategory=person)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
$results = $searcher.FindAll()
Write-Host " Enabled User Accounts : " $results.Count
$searcher.Filter = "(&(objectClass=user)(objectCategory=person)(useraccountcontrol:1.2.840.113556.1.4.803:=2))"
$results = $searcher.FindAll()
Write-Host " Disabled User Accounts : " $results.Count
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Groups cannot be disabled, so they are split by whether they have members.
Write-Host " "
$searcher.Filter = "(&(objectClass=group)(objectCategory=group)(member=*))"
$results = $searcher.FindAll()
Write-Host " Groups with member : " $results.Count
$searcher.Filter = "(&(objectClass=group)(objectCategory=group)(!(member=*)))"
$results = $searcher.FindAll()
Write-Host " Empty Groups : " $results.Count
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Servers: computer objects whose operatingSystem contains "server".
Write-Host " "
$searcher.Filter = "(&(objectClass=computer)(objectCategory=computer)(operatingSystem=*server*)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
$results = $searcher.FindAll()
Write-Host " Enabled Servers : " $results.Count
$searcher.Filter = "(&(objectClass=computer)(objectCategory=computer)(operatingSystem=*server*)(useraccountcontrol:1.2.840.113556.1.4.803:=2))"
$results = $searcher.FindAll()
Write-Host " Disabled Servers : " $results.Count
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Clients: all other computer objects.
Write-Host " "
$searcher.Filter = "(&(objectClass=computer)(objectCategory=computer)(!(operatingSystem=*server*))(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
$results = $searcher.FindAll()
Write-Host " Enabled Clients : " $results.Count
$searcher.Filter = "(&(objectClass=computer)(objectCategory=computer)(!(operatingSystem=*server*))(useraccountcontrol:1.2.840.113556.1.4.803:=2))"
$results = $searcher.FindAll()
Write-Host " Disabled Clients : " $results.Count
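The script above counts an object as inactive only when it is disabled. The following added example (not part of the original script) goes one step further and counts accounts that are still enabled but show no recent logon, using the same DirectorySearcher approach and the same userAccountControl filter. The function name Get-StaleEnabledCount and the 90-day threshold are assumptions chosen for illustration.

```powershell
# Added example, not part of the original script. The function name and the
# 90-day default are assumptions for illustration.
function Get-StaleEnabledCount {
    param(
        [Parameter(Mandatory)] [string] $SearchRoot,
        [Parameter(Mandatory)] [ValidateSet('user', 'computer')] [string] $Kind,
        [int] $Days = 90
    )

    # lastLogonTimestamp is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
    $cutoff = (Get-Date).AddDays(-$Days).ToFileTimeUtc()

    $typeFilter = if ($Kind -eq 'user') {
        '(objectClass=user)(objectCategory=person)'
    } else {
        '(objectClass=computer)(objectCategory=computer)'
    }

    # Enabled (disabled bit of userAccountControl not set) AND
    # (last logon older than the cutoff OR the attribute was never written,
    # which is the case for accounts that have never logged on).
    $filter = "(&$typeFilter" +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
              "(|(lastLogonTimestamp<=$cutoff)(!(lastLogonTimestamp=*))))"

    $entry    = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    $searcher.PageSize = 1000
    $searcher.Filter   = $filter
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')   # only counting, keep results small

    $results = $searcher.FindAll()
    try { $results.Count }
    finally {
        # SearchResultCollection holds unmanaged resources; release them explicitly.
        $results.Dispose(); $searcher.Dispose(); $entry.Dispose()
    }
}

$root = "LDAP://DC=firstattribute,DC=de"
Write-Host " Enabled users, no logon in 90 days     : " (Get-StaleEnabledCount -SearchRoot $root -Kind user)
Write-Host " Enabled computers, no logon in 90 days : " (Get-StaleEnabledCount -SearchRoot $root -Kind computer)
```

lastLogonTimestamp is replicated between domain controllers but is only updated at intervals (about 14 days with default settings), so thresholds shorter than a few weeks are not reliable with this attribute.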