Tuesday, October 8, 2013

Quick Audit of Active Directory OUs Users 


$splat=$null
$Splat = @()
$95days = (get-date).adddays(-95)
$AlltheOus=Get-ADOrganizationalUnit -filter * -SearchBase "OU=Humans,DC=coolkids,DC=local" -Properties CanonicalName
foreach($OU in $AlltheOus) {
  $objectCount=(Get-adobject -Filter * -SearchBase $ou.distinguishedname -searchscope Onelevel|Measure-Object).count
  $u=Get-ADUser -filter * -searchbase $ou.distinguishedname -Properties passwordneverexpires,passwordlastset -searchscope Onelevel
  $total=($u | measure-object).count
  $Enabled=($u | where {$_.Enabled} | Measure-Object).count
  $Disabled=$total-$Enabled
  $nonExpirePassword=($u | where {$_.passwordneverexpires} | Measure-Object).count
  $passwordolder90=($u | where {$_.passwordlastset -lt $95days} | Measure-Object).Count
 $Splat +=  New-Object psobject -Property @{
    Name=$ou.CanonicalName;
    TotalObjects=$objectCount;
    TotalUsers=$Total;
    Enabled=$Enabled;
    Disabled=$Disabled;
    PasswordNonExpire=$nonExpirePassword;
    Password90days=$passwordolder90;
    OU=$OU.Distinguishedname
    }
}

$splat | Select-Object Name,TotalObjects,TotalUsers,Enabled,Disabled,PasswordNonExpire,Password90days,OU | Sort-Object name| export-csv C:\temp\QuickOUAudit.csv -NoTypeInformation -force
Posted by at 1 comment:
Labels: , ,
Subscribe to: Posts (Atom)