Posted by: Colin Smith
AD, Administration, Audit, Automation, Powershell
I have mentioned this before but I have finally done what I set out to do and re-wrote my old vbscript that audits AD Accounts based on Create Date and Last LogonDate in Powershell. This is another great example of how much better powershell is and why everyone should now it. My VB Script was just under 800 lines of code and that was without many comments that documented the process. Now I feel that documenting scripts is very important. This is because I have had to try to fix other peoples scripts when they did not document it well and it is not fun. My powershell version of the same script with added functionality as well as over 100 lines of comments is only just over 400 lines. That means that I was able to remove about 500 lines of actual code from the script as well as add functionality to the script.
I will break the script down and post each one of the functions with a good explanation of each in my next few posts. It is a very cool script and it could be added to and customized to fit any situation that you may need. My version is based on my companies policy of disabling an account after 90 days of inactivity and deleting the account after 180 days of inactivity. My company runs the script weekly and the script sends out emails about the accounts that have been disabled and deleted to the needed personal so that the appropriate paperwork can be completed for those accounts. The script is soon to be posted. I am still testing but I will have it very soon.