User Account Status Reporting Script
This PowerShell script generates a report on user account status within Active Directory. It helps system administrators quickly identify locked accounts, accounts that have expired, and users who have been inactive for a specified period. This aids in maintaining security and compliance within an organization.
Step 1: Import the Active Directory Module
First, we need to import the Active Directory module, which is required to access and manage AD user account information.
```powershell
Import-Module ActiveDirectory
```
This command loads the Active Directory module into the current PowerShell session, enabling us to use cmdlets like `Get-ADUser`.
Step 2: Define Time Period for Inactivity
Next, we will define the time period for considering an account as inactive. For example, you might want to check for accounts inactive for more than 90 days.
```powershell
$inactiveDaysThreshold = 90
$cutoffDate = (Get-Date).AddDays(-$inactiveDaysThreshold)
```
In this step, we calculate the cutoff date by subtracting the defined number of days from the current date. This helps in filtering users who haven’t logged in recently.
Step 3: Retrieve User Accounts and Filter Status
Now, we will retrieve all user accounts and filter them based on various criteria: whether they are locked, expired, or inactive.
```powershell
# Request the non-default properties the filter needs
$users = Get-ADUser -Filter * -Properties LockedOut, AccountExpirationDate, LastLogonDate

# Keep accounts that are locked, expired, or inactive since the cutoff date
$filteredUsers = $users | Where-Object {
    ($_.LockedOut -eq $true) -or
    ($null -ne $_.AccountExpirationDate -and $_.AccountExpirationDate -lt (Get-Date)) -or
    ($null -ne $_.LastLogonDate -and $_.LastLogonDate -lt $cutoffDate)
}
```
In this block, we gather all users along with specified properties. Then we filter the user accounts to find those that are locked out, have expired, or have not logged in since the defined cutoff date.
Step 4: Create and Export the Report
With the filtered list of user accounts, we can create a report and export it to a CSV file for further analysis or record-keeping.
```powershell
$reportPath = "C:\UserAccountStatusReport.csv"
$filteredUsers |
    Select-Object Name, LockedOut, AccountExpirationDate, LastLogonDate |
    Export-Csv -Path $reportPath -NoTypeInformation
```
This step selects the relevant properties from the filtered user accounts and exports the information to a CSV file located at `C:\UserAccountStatusReport.csv`. The `-NoTypeInformation` parameter prevents type information from being included in the CSV.
Step 5: Notify Completion of the Report Generation
Lastly, we can notify the user that the report has been successfully generated.
```powershell
Write-Host "User account status report generated successfully at $reportPath"
```
This command provides a confirmation message indicating the location of the generated report, enhancing user experience by ensuring they know where to find the output.
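The steps above combined into one pipeline function that also records why each account was flagged, as an added example that is not part of the original script. The function name `Get-AccountStatusReason`, the `Status` column and the sample accounts are assumptions made for illustration; the example goes beyond the Step 3 filter by also reporting accounts whose `LastLogonDate` is empty, which that filter leaves out.

```powershell
# Added example (not from the original script): tag each account with the reason it was flagged.
function Get-AccountStatusReason {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject]$User,
        [int]$InactiveDays = 90,
        [datetime]$Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$InactiveDays) }
    process {
        $reasons = @()
        if ($User.LockedOut -eq $true) { $reasons += 'Locked' }
        if ($null -ne $User.AccountExpirationDate -and $User.AccountExpirationDate -lt $Now) {
            $reasons += 'Expired'
        }
        # LastLogonDate is derived from lastLogonTimestamp, which AD updates lazily
        # (it can lag by up to about two weeks by default), so treat the threshold as approximate.
        if ($null -eq $User.LastLogonDate) {
            $reasons += 'NeverLoggedOn'   # assumed label; the Step 3 filter skips these accounts
        } elseif ($User.LastLogonDate -lt $cutoff) {
            $reasons += 'Inactive'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name                  = $User.Name
                Status                = $reasons -join ';'
                LockedOut             = $User.LockedOut
                AccountExpirationDate = $User.AccountExpirationDate
                LastLogonDate         = $User.LastLogonDate
            }
        }
    }
}

# Constructed sample accounts so the logic can be checked without a domain controller.
$refDate = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Name = 'alice'; LockedOut = $true;  AccountExpirationDate = $null; LastLogonDate = $refDate.AddDays(-2) }
    [pscustomobject]@{ Name = 'bob';   LockedOut = $false; AccountExpirationDate = $refDate.AddDays(-10); LastLogonDate = $refDate.AddDays(-5) }
    [pscustomobject]@{ Name = 'carol'; LockedOut = $false; AccountExpirationDate = $null; LastLogonDate = $refDate.AddDays(-120) }
    [pscustomobject]@{ Name = 'dave';  LockedOut = $false; AccountExpirationDate = $null; LastLogonDate = $refDate.AddDays(-1) }
    [pscustomobject]@{ Name = 'svc01'; LockedOut = $false; AccountExpirationDate = $null; LastLogonDate = $null }
)
$sample | Get-AccountStatusReason -Now $refDate | Format-Table Name, Status

# Against a live domain (requires the ActiveDirectory module and read access to user objects):
# Get-ADUser -Filter * -Properties LockedOut, AccountExpirationDate, LastLogonDate |
#     Get-AccountStatusReason | Export-Csv -Path $reportPath -NoTypeInformation
```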
By following these steps, this PowerShell script streamlines the process of monitoring user account statuses in Active Directory, making it easier for administrators to manage user access while ensuring compliance with security policies.