thomas/snippets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a script to automatically disable expired users.

Browse Source
This commit is contained in:
Thomas De Reyck
2024-11-08 15:48:50 +01:00
parent fbc9665a1c
commit 803cd36b34
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
microsoft/active_directory/disable_expired_users/start.ps1 Normal file
View File

@ -0,0 +1,24 @@
# This script searches AD for user accounts with an expiration date in the past. If it finds any, it actually disables them.
# This is the maximum number of accounts that the script may disable in a single run. A safety measure to prevent accidentally disabling users in bulk.
$MaxActions = 10
$LogDir = Join-Path -Path $PSScriptRoot -ChildPath "logs"
New-Item $LogDir -ItemType Directory -ErrorAction SilentlyContinue > $null
$ReportId = Get-Date -Format "yyyyMMdd-HHmmss"
$Users = Get-ADUser -Filter * -Properties SamAccountName, Enabled, AccountExpirationDate | select SamAccountName, Enabled, AccountExpirationDate
&{
ForEach($User in $Users) {
If($User.Enabled -eq $true -and $User.AccountExpirationDate -and ($User.AccountExpirationDate -le (Get-Date))) {
Disable-ADAccount -Identity $User.SamAccountName
"$($User.SamAccountName) has expired on $($User.AccountExpirationDate) and has been disabled."
$MaxActions--
If($MaxActions -eq 0) {
"Maximum number of actions reached for this run. Quitting..."
Break
}
}
}
} *>&1 | Tee-Object -FilePath (Join-Path -Path $LogDir -ChildPath "log-$ReportId.txt")