Finding expired computers and disabled users in AD

The objects in your AD database—the users, computers, groups, OUs, policies, and so on, are constantly changing in almost all organizations. Users leave, computers die, OUs and policies are added/removed/renamed, and so on. Change is constant!

A side effect of this change is having orphaned objects: users who are no longer part of your organization, or computers that no longer actually exist physically. You can also find you have objects that may be valid but have not been used for a long time.

Those accounts represent a potential security risk. An unused user account, for example, due to a user leaving and their account not being removed, can represent a threat vector. Suppose Ruth in the accounting ...

Get Windows Server 2019 Automation with PowerShell Cookbook - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.