Table of Contents

Active Directory User and Computer Audit

Users

  1. Run the following in a administrator Powershell:
    Get-ADUser -Filter * -Properties “LastLogonDate” | export-csv -path ad-user1.csv
  2. Open in Excel and sort by LastLogonDate Ascending
  3. Consider removing accounts that are inactive for over a year
  4. Make a script with the following:
    Disable-ADAccount -Identity <SamAccountName>

Comptuers

  1. Run the following in a administrator Powershell:
    Get-ADComputer -Filter * -Properties LastLogonDate,operatingSystem,operatingSystemVersion,IPv4Address | export-csv -path ad-computers1.csv
  2. Open in Excel and sort by LastLogonDate Ascending
  3. Consider removing accounts that are inactive for over a year
  4. Make a script with the following:
    Disable-ADAccount -Identity <SamAccountName>