Could someone help me find disabled accounts from AD within a specific timeframe?
For example, I can run a script that shows me the last 30 days, 60 , 90 whatever
Search-ADAccount -SearchBase "DC=A,DC=B,DC=C,DC=X" -AccountDisabled -UsersOnly | Get-ADUser -Properties whenChanged | Where whenChanged -gt (Get-Date).AddDays(-60) | Export-CSV “C:\Disabledusers60.CSV” –NoTypeInformation
The problem is that this way I would see the present ones from January 2022 as well, and my idea is to be able to run a specific date, so in the end of February to have a list of disabled users between 1st of December- 31th of Dec. Then on March to have the list from 1st of January till 31th January and so on.
That way will not pull out from AD last 60 days including the disabled accounts from the current month.
Sorry for the big thread explanation, hopefully, someone could bring some light here.
This should give you a list of AD Users which are Disabled and their WhenChanged attribute is between the first and last day of the Month.
$today = [datetime]::Today
$firstDay = [datetime]::new($today.Year, $today.Month, 1, 0, 0, 0)
$lastDay = $firstDay.AddMonths(1).AddSeconds(-1)
$params = @{
SearchBase = 'OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM'
Properties = 'whenChanged'
LDAPFilter = -join @(
'(&'
'(userAccountControl:1.2.840.113556.1.4.803:=2)'
'(whenChanged>={0:yyyyMMddHHmmss.0Z})' -f $firstDay
'(whenChanged<={0:yyyyMMddHHmmss.0Z})' -f $lastDay
')'
)
}
Get-ADUser @params | Export-Csv ...
If you need to query a different time range you would need to update the variables $firstDay and $lastDay, for example, for September 2021:
$firstDay = [datetime]::new(2021, 9, 1, 0, 0, 0)
$lastDay = [datetime]::new(2021, 10, 1, 0, 0, 0).AddSeconds(-1)
# 10 => Being the next Month and .AddSeconds(-1) for
# the last second of the Previous Month (9)
# If this was for the Month of December:
# [datetime]::new(2022, 1, 1, 0, 0, 0).AddSeconds(-1)