Reporting on AD users
Managing the Active Directory is an important albeit time-consuming task. Discovering a user account that has not been used for a reasonable period or a user that has membership in a privileged account (for example, enterprise administrators) could represent security risks to the organization. Regular reporting can help to place a focus on accounts that could be usefully de-activated. That could mean the account being removed from a security group or removed altogether.
This recipe creates a report of users, computers, and privileged group membership and displays this report on the console.
This recipe, which you run on
DC1, reports on users with possible issues: a user hasn't logged on for a while, has made a ...