This PowerShell script, Inactive-AD-Account-Handler.ps1
, automates the management of Active Directory (AD) user accounts. It identifies accounts that have been inactive for a specified period, disables those accounts, moves them to a designated Organizational Unit (OU), and generates a report detailing the actions taken. This script aids administrators in maintaining security and organizational efficiency by automating the lifecycle management of user accounts.
- Customizable Inactivity Threshold: Set a custom threshold for inactivity to identify inactive accounts.
- Exclusion List: Specify OUs from which users should not be disabled, protecting critical accounts.
- Email Reporting: Automatically generate and send reports detailing disabled accounts and encountered errors.
- Logging: Maintain detailed logs of actions taken and errors encountered for audit purposes.
Before running this script, ensure you have:
- PowerShell 5.1 or later.
- Active Directory PowerShell module.
- Required permissions for AD operations and email sending.
- Download the Script: Clone this repository or directly download the
Inactive-AD-Account-Handler.ps1
file. - Install Active Directory PowerShell Module:
Install-Module -Name ActiveDirectory
- Set Execution Policy: Enable script execution with:
Set-ExecutionPolicy RemoteSigned
The script's behavior can be customized by adjusting parameters within the $Config
hashtable in the script. Below is a description of each configuration option:
OUsToInclude
: Specifies the Organizational Units (OUs) from which users will be evaluated. Example:@("OU=Users,DC=example,DC=com")
.OUsToExclude
: OUs that should be excluded from the script's operations, preventing users within these OUs from being processed. Example:@("OU=VIP,DC=example,DC=com")
.TargetOU
: The Organizational Unit to which disabled accounts will be moved. Specify the LDAP path. Example:"OU=DisabledAccounts,DC=example,DC=com"
.InactiveDaysThreshold
: Number of days of inactivity after which a user account is considered inactive and subject to processing. Example:15
.DisableNeverLoggedOn
: If set to$true
, accounts that have never logged on will be disabled. Set to$false
to skip this action.WhatIfMode
: Enables a simulation mode where no changes are made to Active Directory. Useful for planning and testing. Set to$false
to apply changes.DomainControllersToExclude
: Specifies domain controllers to exclude from the script's operations, useful in large environments or when certain DCs are unreachable. Example:@("DC01.example.com", "DC02.example.com")
.SMTPServer
: The address of the SMTP server used for sending email notifications. Example:"smtp.example.com"
.SMTPPort
: The port used by the SMTP server. Common ports are 587 for TLS/StartTLS and 465 for SSL.UseSSL
: Specifies whether SSL/TLS is used for the SMTP connection. Set to$true
for SSL/TLS.SMTPUsername
andSMTPPassword
: Credentials for SMTP server authentication. Consider securely handling the password.FromEmail
andToEmail
: Email addresses for the sender and recipient(s) of the report, respectively.EmailSubject
: Subject line for the email report sent by the script.ReportRetentionCount
: The number of recent reports to retain. Older reports beyond this count will be deleted.GeneralLogPath
andErrorLogPath
: Specifies paths for general and error logs, respectively, aiding in troubleshooting and audit.
Ensure to review and adjust these settings according to your environment's requirements and security policies.
Issue: Script does not execute due to execution policy restrictions.
Solution: Ensure you've set the execution policy to allow script execution with Set-ExecutionPolicy RemoteSigned
.
Issue: Email reports are not being sent. Solution: Verify SMTP server details, and ensure the executing account has permission to send emails through the specified server.
Your contributions are welcome! To contribute:
- Fork this repository.
- Create a feature branch:
git checkout -b feature/YourFeature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin feature/YourFeature
- Submit a pull request.
This script is open-source under the MIT License, permitting free use, modification, and distribution with appropriate credit.
This script is provided "as is", with no warranties. Always test in a development environment before deploying to production.
For support, feature requests, or to report bugs, please open an issue in the GitHub repository.