#######################################################################################
##DisabledUserCleanup.ps1
##This script is designed to poll AD for any disabled user accounts that are over 30 days old and deletes them.
##The results are put into a file and then emailed to IT staff.
#######################################################################################

#load AD module
import-module activedirectory

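# Retention window in days. The file header documents 30 days; the cutoff was
# computed with AddDays(-0), i.e. today, which leaves no grace period between
# an account being disabled and it qualifying for deletion.
$retentionDays = 30
# Cutoff date used by the deletion pass further down.
$oldDate = [DateTime]::Today.AddDays(-$retentionDays)

# Literals use plain ASCII quotes so that parsing does not depend on how the
# file's encoding is decoded (the typographic quotes came from the web page).
# Container that is searched for user accounts.
$AMSearchBase = 'OU=Users,DC=domain,DC=local'
# Region labels; not referenced in the lines shown here.
$ShortRegion = 'AM'
$Region = 'AM Region'
# Accumulates the accounts this run removes.
$delUsers = @()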

# Disable every user account under $AMSearchBase whose expiration date has passed.
# -AccountExpired already selects expired accounts; the Where-Object stage
# re-checks the expiration date against the current time (AddDays(-0) adds no offset).
# NOTE(review): no -SearchScope is passed here, while the Get-ADUser query in the
# AM section passes -Searchscope 1 - confirm both passes are meant to cover the same accounts.
Search-ADAccount -AccountExpired -UsersOnly -SearchBase $AMSearchBase |
    Where-Object { $_.AccountExpirationDate -lt (Get-Date).AddDays(-0) } |
    Disable-ADAccount

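##AM Section##
# Collect the disabled user accounts that sit directly in $AMSearchBase
# (OneLevel is the named form of the search scope value 1).
$disabledQuery = @{
    Filter      = 'Enabled -eq $false'
    SearchBase  = $AMSearchBase
    SearchScope = 'OneLevel'
    Properties  = 'Name', 'SID', 'Enabled', 'LastLogonDate', 'Modified', 'info', 'description'
}
$expiredUsers = Get-ADUser @disabledQuery

foreach ($name in $expiredUsers) {
    # PowerShell comparisons do not chain: "a -le b -le c" is evaluated as
    # "(a -le b) -le c", so the Boolean result of the first test was compared
    # with $oldDate and Modified was never checked against the cutoff.
    # The date test is therefore written out explicitly.
    # NOTE(review): the format of the info (notes) attribute is not visible here.
    # If it carries a disable date, parse it (e.g. [DateTime]::TryParse) and
    # require it to be on or before $oldDate as well.
    # NOTE(review): Modified presumably moves on any change to the object, not
    # only when it is disabled - confirm it is the right clock for the retention window.
    $lastChanged = $name.Modified
    if ($null -ne $lastChanged -and $lastChanged -le $oldDate) {
        try {
            # -ErrorAction Stop turns a failed delete into a catchable error.
            Remove-ADUser -Identity $name.SID -Confirm:$false -ErrorAction Stop
            # Recorded only after the delete succeeded, so $delUsers holds
            # accounts that were actually removed.
            $delUsers += $name
        }
        catch {
            Write-Warning "Failed to remove $($name.Name): $($_.Exception.Message)"
        }
    }
}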
