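I know how to get an ADUser's last logon information, but what I really want to know is which OUs have had no user log on in the past 90 days. AD has thousands of users across hundreds of company OUs, and I want to know which OUs are inactive. Thanks.
Answer 1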
Import-Module ActiveDirectory
$Date = Get-Date
$Date90 = $Date.AddDays(-90)
$OUs = Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=XX Users,DC=XXX,DC=XXX'
# Check each OU.
ForEach ($OU In $OUs)
{
    $Base = $OU.DistinguishedName
    # Query for all users directly in the OU that have logged on in the last specified number of days.
    # Do not consider any child OUs.
    # @() forces an array so that .Count is reliable when exactly one user is returned.
    $ActiveUsers = @(Get-ADUser -SearchBase $Base -SearchScope OneLevel -Filter {LastLogonDate -ge $Date90})
    If ($ActiveUsers.Count -eq 0)
    {
        # Make sure the OU has at least one user.
        $TotalUsers = @(Get-ADUser -SearchBase $Base -SearchScope OneLevel -Filter *)
        If ($TotalUsers.Count -gt 0) {"OU $Base has no users that have logged on in the last 90 days"}
    }
}
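
A variant of the same check, as an added example that is not part of the original answer: it takes the result of a single user query and groups it by parent OU, instead of querying each OU twice. The function name Get-OUActivity, its -Now parameter, and the sample DNs are assumptions made for illustration.

```powershell
# Added example: summarise logon activity per OU from one list of user objects.
function Get-OUActivity {
    param(
        [Parameter(Mandatory)] [object[]] $Users,  # need DistinguishedName and LastLogonDate
        [int] $Days = 90,
        [datetime] $Now = (Get-Date)               # injectable so results are reproducible
    )
    $cutoff = $Now.AddDays(-$Days)
    $Users |
        # Parent container = DN minus its first RDN; the lookbehind skips escaped commas ("CN=Doe\, John").
        Group-Object { $_.DistinguishedName -replace '^.+?(?<!\\),', '' } |
        # Keep OUs only; users in containers such as CN=Users are ignored.
        Where-Object { $_.Name -like 'OU=*' } |
        ForEach-Object {
            # Most recent logon in this OU; users that never logged on have no LastLogonDate.
            $last = $_.Group | Where-Object { $_.LastLogonDate } |
                Sort-Object LastLogonDate -Descending | Select-Object -First 1
            [pscustomobject]@{
                OU        = $_.Name
                Users     = $_.Count
                LastLogon = if ($last) { $last.LastLogonDate } else { $null }
                Inactive  = (-not $last) -or ($last.LastLogonDate -lt $cutoff)
            }
        }
}

# Constructed sample data (not from a real directory) so the function runs without a domain.
$now = Get-Date '2024-06-01'
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Doe\, John,OU=Sales,DC=example,DC=com'; LastLogonDate = $now.AddDays(-200) }
    [pscustomobject]@{ DistinguishedName = 'CN=Ann Lee,OU=Sales,DC=example,DC=com';    LastLogonDate = $null }
    [pscustomobject]@{ DistinguishedName = 'CN=Raj Rao,OU=IT,DC=example,DC=com';       LastLogonDate = $now.AddDays(-3) }
)
# Lists OU=Sales only: two users, last logon 200 days before $now.
Get-OUActivity -Users $sample -Now $now | Where-Object { $_.Inactive }

# Against a live domain (the search base is a placeholder):
# Get-OUActivity -Users (Get-ADUser -Filter * -SearchBase '<search base DN>' -Properties LastLogonDate)
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which by default can lag real logons by up to about 14 days, so treat the 90-day boundary as approximate.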