Active Directory Cleanup Automation with PowerShell
Introduction

Stale and unused objects in Active Directory not only clutter your environment but can also create security risks and provisioning errors. Automating cleanup ensures better hygiene and consistent identity lifecycle management. This guide walks through how to use PowerShell to audit and optionally remove inactive AD users and computers.
Core Principles

1. Identify Inactive Users and Computers

# Requires the RSAT ActiveDirectory module (Import-Module ActiveDirectory)
# Note: LastLogonDate is empty ($null) for accounts that have never logged on;
# check it explicitly if you want to treat those accounts separately.

# Users inactive for 90+ days
$inactiveUsers = Get-ADUser -Filter * -Properties LastLogonDate |
    Where-Object { $_.Enabled -eq $true -and $_.LastLogonDate -lt (Get-Date).AddDays(-90) }

# Computers inactive for 90+ days
$inactiveComputers = Get-ADComputer -Filter * -Properties LastLogonDate |
    Where-Object { $_.Enabled -eq $true -and $_.LastLogonDate -lt (Get-Date).AddDays(-90) }

🔍 Use -SearchBase to narrow the search to a specific OU.
Example: -SearchBase "OU=Workstations,DC=corp,DC=domain,DC=com"
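The following is an added example, not code from the original guide: it scopes the audit to one OU with -SearchBase, handles accounts that have never logged on, writes a CSV report, and disables (rather than deletes) stale accounts only when -Disable is passed, honouring -WhatIf. The function name, the report path and the default OU are assumed values.

```powershell
# Added example: audit stale users and computers under an OU (assumed names/paths).
Import-Module ActiveDirectory

function Get-StaleADAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$SearchBase   = 'OU=Workstations,DC=corp,DC=domain,DC=com',  # assumed OU
        [int]$InactiveDays    = 90,
        [string]$ReportPath   = "$env:TEMP\stale-ad-accounts.csv",          # assumed path
        [switch]$Disable
    )
    $cutoff = (Get-Date).AddDays(-$InactiveDays)

    # LastLogonDate is derived from lastLogonTimestamp, which replicates only
    # every 9-14 days; coarse, but adequate for a 90-day threshold.
    $props   = 'LastLogonDate', 'whenCreated'
    $objects = @(Get-ADUser     -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $props) +
               @(Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $props)

    $stale = foreach ($obj in $objects) {
        # No LastLogonDate means the account has never logged on. Fall back to the
        # creation date so freshly provisioned accounts are not swept up.
        $last = if ($obj.LastLogonDate) { $obj.LastLogonDate } else { $obj.whenCreated }
        if ($last -lt $cutoff) {
            [pscustomobject]@{
                Name          = $obj.Name
                ObjectClass   = $obj.ObjectClass
                LastLogonDate = $obj.LastLogonDate
                Created       = $obj.whenCreated
                DN            = $obj.DistinguishedName
            }
        }
    }

    # Always produce the audit trail before touching anything.
    @($stale) | Export-Csv -Path $ReportPath -NoTypeInformation

    if ($Disable) {
        foreach ($s in $stale) {
            # Disable instead of delete so the change is reversible; -WhatIf previews it.
            if ($PSCmdlet.ShouldProcess($s.DN, 'Disable-ADAccount')) {
                Disable-ADAccount -Identity $s.DN
            }
        }
    }
    return $stale
}

# Preview what would be disabled without changing anything:
Get-StaleADAccount -Disable -WhatIf
```

Run it without -Disable first and review the CSV; the report lists both users and computers so the two object classes can be triaged separately.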