PowerShell: Find stale Users


Having old, unused user accounts sitting in your domain can send red flags flying with auditors. It’s easy to create an account and assume it will be used for the foreseeable future, but often that is not the case.

This script queries your domain for user accounts that have not logged in in the past 6 months. It creates an HTML report and emails you the results. The email can be reviewed and action can be taken at your discretion. I have added an option for you to un-comment which will automatically disable accounts that fit these criteria. PowerShell v3 with the new Active Directory module is required for this to work.

<# Workflow
Query AD for users who have not
logged in in over 6 months.
#>

#Import AD module
Import-Module ActiveDirectory

# 6 months ago
$6months = (Get-Date).AddDays(-180)

# Columns for the HTML report (a trailing comma continues the array on the next line)
$Format = @{Expression={$_.SamAccountName};Label="User Login Name"},
          @{Expression={$_.Name};Label="Account Name"},
          @{Expression={$_.WhenCreated};Label="Created"},
          @{Expression={$_.PasswordNeverExpires};Label="Password Never Expires"},
          @{Expression={$_.LastLogonDate};Label="Last Logon"},
          @{Expression={$_.Enabled};Label="Enabled"}

#Filter for users who haven't logged in for 6 months as the basis of the filter. Add the extra properties the report needs
#(Get-ADUser only returns a small default set unless you ask for more).
Get-ADUser -Filter { LastLogonDate -le $6months } -Properties WhenCreated,PasswordNeverExpires,LastLogonDate |
    Sort-Object LastLogonDate |
    ConvertTo-Html -Property $Format -Title "AD User Report" > .\Documents\Users.htm

#Send the email
Send-MailMessage -To you@domain.com -Subject "AD Account Report" -SmtpServer 192.168.1.1 -From server@domain.com -Attachments .\Documents\Users.htm

#Un-comment this line to automatically disable the accounts rather than send a report
#Get-ADUser -Filter { (LastLogonDate -le $6months) -and (Enabled -eq $true) } | Set-ADUser -Enabled $false
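Two things the query above does not cover: accounts that have never logged on have an empty LastLogonDate and so are not matched by "-le $6months", and LastLogonDate is built from lastLogonTimestamp, which only replicates every 9 to 14 days. The block below is an added example, not the author's script, that catches the never-logged-on accounts by creation date, shows the lag in a DaysSinceLogon column, and keeps the disable step as a dry run; $SearchBase is a placeholder OU and $Threshold is the same 180-day window as above.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module is
# installed and the caller is already authenticated to the domain.
Import-Module ActiveDirectory

$Threshold  = (Get-Date).AddDays(-180)       # same 6-month window as the script above
$SearchBase = "OU=Users,DC=example,DC=com"    # placeholder OU; scope the query to real user accounts

# LastLogonDate comes from lastLogonTimestamp, which replicates at most every 9-14 days,
# so read it as "last logon, give or take two weeks", not an exact timestamp.
# Accounts with no LastLogonDate at all (never logged on) are matched on WhenCreated instead.
$Stale = Get-ADUser -SearchBase $SearchBase -Filter {
            (LastLogonDate -le $Threshold) -or
            ((LastLogonDate -notlike "*") -and (WhenCreated -le $Threshold))
         } -Properties LastLogonDate, WhenCreated, PasswordNeverExpires |
         Select-Object SamAccountName, Name, Enabled, WhenCreated, LastLogonDate, PasswordNeverExpires,
             @{Name = "DaysSinceLogon"; Expression = {
                 if ($_.LastLogonDate) { (New-TimeSpan -Start $_.LastLogonDate -End (Get-Date)).Days }
                 else { "never" } }}

# Report first. The disable step below is a dry run (-WhatIf) until you remove that switch;
# the Description stamp records why and when the account was disabled, which is what an
# auditor (or the next admin) will ask.
$Stale | Sort-Object LastLogonDate | Format-Table -AutoSize

$Stale | Where-Object { $_.Enabled } | ForEach-Object {
    $Stamp = "Disabled as stale on $(Get-Date -Format yyyy-MM-dd) (last logon: $($_.LastLogonDate))"
    Set-ADUser -Identity $_.SamAccountName -Enabled $false -Description $Stamp -WhatIf
}
```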


PowerShell: Query domain for expiring certificates

Certificate expirations can be a pain to manage and are often overlooked. Some people have spreadsheets, set calendar reminders or just wait until a customer complains. I used to have a Unix script that would search an entire subnet for servers with expiring certs, but it was not very robust; searching subnets can return some questionable results.

This script starts by querying Active Directory to get a list of computer names that match the string(s) you enter. Then PowerShell searches those servers for certs that are within 14 days of expiring. The script will then email you an HTML report if there are certs expiring; if not, it will do nothing. This script is highly customizable, so tweak it as needed.

<#
Script to check AD computers
for expiring certificates.
Author: Ryan Clark
Date: 4/1/13
#>

#Import AD module
Import-Module ActiveDirectory

#Make sure computers array is empty in case script has been run in this session before
$Computers = @()

#Fill array with computers you want to filter by; this example is computers that start with DEV and PRD
$Computers = Get-ADComputer -Filter 'Name -like "DEV*" -or Name -like "PRD*"' | ForEach-Object { $_.Name }

#Count Computers
$CompNum = $Computers.Count

#Set a date variable for today and two weeks from now. Change the number of days in TwoWeeks to modify the expiration window.
#Both are kept as DateTime values so the NotAfter comparisons below are date comparisons, not string comparisons.
$Today = Get-Date
$TwoWeeks = (Get-Date).AddDays(14)

#HTML Style config
$a = "<style>"
$a = $a + "BODY{background-color:white;}"
$a = $a + "TABLE{border-width:1px;border-style: solid;border-color: black;border-collapse: collapse;}"
$a = $a + "TH{border-width:1px;padding: 5px;border-style: solid;border-color: black;background-color:#D0A9F5}"
$a = $a + "TD{border-width:1px;padding: 5px;border-style: solid;border-color: black;background-color:#FAFAFA}"
$a = $a + "</style>"

#Run through each computer and check for certs within the configured date period
$Report = "C:\Admin\CertReport.htm"
if (Test-Path $Report) { Clear-Content $Report }
$i = 0
while ($i -lt $CompNum)
{
    Write-Host "Working on:" $Computers[$i]
    #If your certs are in a different store change the Cert:\ path
    $Certs = Invoke-Command -ComputerName $Computers[$i] -ScriptBlock { Get-ChildItem Cert:\LocalMachine\My }
    $CertCount = $Certs.Count
    $j = 0
    while ($j -lt $CertCount)
    {
        if (($Certs[$j].NotAfter -gt $Today) -and ($Certs[$j].NotAfter -lt $TwoWeeks))
        {
            $Certs[$j] | ConvertTo-Html -Head $a -Title "Expiry Information" -Property PSComputerName,Subject,NotAfter >> $Report
        }
        ++$j
    }
    ++$i
}

#Either email a report or do nothing (the report file only exists/has content if a cert matched above)
if (-not (Test-Path $Report) -or -not (Get-Content $Report))
{
    Write-Host "No expiring certificates. Ending script."
}
else
{
    #Modify the -To field to send to another user or DL
    Write-Host "Expiring certificates found, emailing report"
    Send-MailMessage -To me@mydomain.com -Subject "Certificate Report" -SmtpServer x.x.x.x -From myserver@domain.com -Attachments $Report
}
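The loop above opens one remoting session per server, pulls every certificate back, and then filters locally; it also silently skips certificates that have already expired, since the condition requires NotAfter to be later than today. The function below is an added example, not the author's script, that does the filtering on the remote host, fans out to all servers in one Invoke-Command call, flags already-expired certificates instead of dropping them, and reports hosts that could not be reached. It assumes WinRM is enabled on the targets and that $Computers is the list built by the Get-ADComputer query above (or any list of names).

```powershell
# Added example (not from the original post). Assumes WinRM is enabled on the target hosts.
function Get-ExpiringCertificate {
    param(
        [Parameter(Mandatory)] [string[]] $Computers,
        [int] $WindowDays = 14      # same two-week window as the script above
    )
    # One call for all hosts; connection failures are collected in $Unreachable instead of aborting.
    $Results = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ErrorVariable Unreachable -ScriptBlock {
        param($WindowDays)
        $Now   = Get-Date
        $Limit = $Now.AddDays($WindowDays)
        # Runs on each remote host; only certs inside the window (or already expired) travel back.
        Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.NotAfter -le $Limit } |
            ForEach-Object {
                $DaysLeft = [int][math]::Floor((New-TimeSpan -Start $Now -End $_.NotAfter).TotalDays)
                if ($_.NotAfter -lt $Now) { $Status = "EXPIRED" } else { $Status = "Expiring" }
                [pscustomobject]@{
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    DaysLeft   = $DaysLeft
                    Status     = $Status
                }
            }
    } -ArgumentList $WindowDays

    # An unreachable host is itself a finding: a silent skip is one way to miss an expiring cert.
    foreach ($e in $Unreachable) {
        Write-Warning ("Could not query {0}: {1}" -f $e.TargetObject, $e.Exception.Message)
    }
    # PSComputerName is added by Invoke-Command to every object returned from a remote host.
    $Results | Select-Object PSComputerName, Subject, Thumbprint, NotAfter, DaysLeft, Status | Sort-Object DaysLeft
}

# Constructed usage, feeding the result into the same kind of HTML report the script above builds:
# Get-ExpiringCertificate -Computers $Computers -WindowDays 14 |
#     ConvertTo-Html -Title "Expiry Information" | Out-File C:\Admin\CertReport.htm
```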
