Export inactive users from Active Directory

How to export inactive AD users to CSV file? Sometimes you want to know which user account is inactive so you can block the account or see what’s happening. You can use the Active Directory Users and Computers console to check that. What if you need to check inactive users in a specific OU or group? Doing it with PowerShell will save you time. In this article, you will learn how to export inactive users from Active Directory.

Table of contents

Before you start to export inactive Active Directory users

It’s good to know how the PowerShell script works and what you need to do or change for the perfect export results:

  1. Run PowerShell as administrator.
  2. Users that are not logged in the last 90 days are exported. Suppose you want more or fewer days, change the $DaysInactive variable.
  3. The script will filter on enabled accounts only.
  4. Create a temp folder in (C:) drive. That’s where the script will export the CSV file.

Export inactive users from AD

Get all inactive users from Active Directory and export to CSV file.

Import-Module ActiveDirectory

$DaysInactive = 90
$Time = (Get-Date).Adddays( - ($DaysInactive))

Get-ADUser -Filter { LastLogonTimeStamp -lt $Time -and enabled -eq $true } -Properties * |
Select-Object Name, LastLogonDate |

Export-Csv "c:\temp\InactiveUsers.csv" -Encoding UTF8 -NoTypeInformation

Open the CSV file with your favorite editor. For example, Microsoft Excel.

Export inactive users Active Directory CSV file

Export inactive users from OU

Get all inactive users from specific OU in Active Directory and export to CSV file.

You need to copy the OU distinguishedName.

Export inactive users Active Directory OU

Paste the OU distinguishedName in the below $OU variable.

Import-Module ActiveDirectory

$OU = "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local"
$DaysInactive = 90
$Time = (Get-Date).Adddays( - ($DaysInactive))

Get-ADUser -Filter { LastLogonTimeStamp -lt $Time -and enabled -eq $true } -SearchBase $OU -Properties * |
Select-Object Name, LastLogonDate |

Export-Csv "c:\temp\InactiveUsersOU.csv" -Encoding UTF8 -NoTypeInformation

Export inactive users from group

Get all inactive users from specific group in Active Directory and export to CSV file.

You need to copy the group name (pre-Windows 2000).

Export inactive users Active Directory OU group

Paste the group name in the below $Group variable.

Import-Module ActiveDirectory

$Group = "Management-1620248956"
$DaysInactive = 90
$Time = (Get-Date).Adddays( - ($DaysInactive))

Get-ADGroupMember -Identity $Group -Recursive |
ForEach-Object {
    Get-ADUser -Properties * -Identity $_.SamAccountName | 
    Where-Object { $_.LastLogonDate -lt $Time -and $_.Enabled -eq $true } } |
Select-Object Name, LastLogonDate |

Export-Csv "c:\temp\InactiveUsersGroup.csv" -Encoding UTF8 -NoTypeInformation

That’s it!

Read more: Bulk move AD users to another OU with PowerShell »

Conclusion

You learned how to export inactive users from Active Directory. We showed three possibilities for exporting inactive users from Active Directory with PowerShell. Check your environment for inactive users and keep the PowerShell scripts as simple as possible.

Did you enjoy this article? You may also like Export AD users to CSV with PowerShell. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

TwitterLinkedIn

What Others Are Reading

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *