Tuesday, October 8, 2013

Quick Audit of Active Directory OUs Users


$splat=$null
$Splat = @()
$95days = (get-date).adddays(-95)
$AlltheOus=Get-ADOrganizationalUnit -filter * -SearchBase "OU=Humans,DC=coolkids,DC=local" -Properties CanonicalName
foreach($OU in $AlltheOus) {
  $objectCount=(Get-adobject -Filter * -SearchBase $ou.distinguishedname -searchscope Onelevel|Measure-Object).count
  $u=Get-ADUser -filter * -searchbase $ou.distinguishedname -Properties passwordneverexpires,passwordlastset -searchscope Onelevel
  $total=($u | measure-object).count
  $Enabled=($u | where {$_.Enabled} | Measure-Object).count
  $Disabled=$total-$Enabled
  $nonExpirePassword=($u | where {$_.passwordneverexpires} | Measure-Object).count
  $passwordolder90=($u | where {$_.passwordlastset -lt $95days} | Measure-Object).Count
 $Splat +=  New-Object psobject -Property @{
    Name=$ou.CanonicalName;
    TotalObjects=$objectCount;
    TotalUsers=$Total;
    Enabled=$Enabled;
    Disabled=$Disabled;
    PasswordNonExpire=$nonExpirePassword;
    Password90days=$passwordolder90;
    OU=$OU.Distinguishedname
    }
}

$splat | Select-Object Name,TotalObjects,TotalUsers,Enabled,Disabled,PasswordNonExpire,Password90days,OU | Sort-Object name| export-csv C:\temp\QuickOUAudit.csv -NoTypeInformation -force

1 comment:

Unknown said...

Thanks, It's great powershell script to audit of Active Directory OUs Users but I already tried automate active directory auditing solution (http://www.lepide.com/lepideauditor/active-directory.html) which helps to audit changes in objects including users, computers, domain, Updation , Moving of active directory.