Finding Inactive Active Directory Accounts

Maintaining an up-to-date Active Directory is crucial for ensuring both security and efficiency. In this post, we will provide a PowerShell script that helps you identify inactive user accounts in Active Directory. By locating accounts that havent been used for a specified number of days, you can take appropriate actions, such as disabling or deleting these accounts to improve security.
At ServerEngine, we offer robust tools that enhance server management. Check out our software at [ServerEngine](https://serverengine.co) to streamline your IT operations.
### Step 1: Prepare Your Environment
Ensure you have the Active Directory module installed. This module is necessary for the cmdlets we will be using to query user accounts.
“`powershell

Import-Module ActiveDirectory

### Step 2: Define the Function to Find Inactive Accounts
Well create a function named `Find-InactiveADAccounts` that allows you to specify the number of inactive days to filter user accounts.
“`powershell

function Find-InactiveADAccounts {
    param (
        [int]$DaysInactive
    )
    $dateThreshold = (Get-Date).AddDays(-$DaysInactive)
    $inactiveUsers = Get-ADUser -Filter { LastLogonDate -lt $dateThreshold } -Properties LastLogonDate | Select-Object Name, LastLogonDate, SamAccountName
    if ($inactiveUsers) {
        $inactiveUsers | Format-Table -AutoSize
    } else {
        Write-Host "No inactive user accounts found for the last $DaysInactive days."
    }
}

### Step 3: Execute the Function
You can run the function by specifying how many days of inactivity you want to look back.
“`powershell

Find-InactiveADAccounts -DaysInactive 90

### Conclusion
Using this PowerShell script, you can effectively identify inactive user accounts in Active Directory, allowing you to take necessary actions based on your organizations policies. For more powerful tools aimed at improving your server management practices, visit [ServerEngine](https://serverengine.co).