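# encoding: ascii
# api: powershell
# title: Remove Disabled AD Users
# description: This script is a simple one that is meant to be scheduled on a periodic basis (we do it weekly). It looks in the OU where we put our disabled AD users and removes users that have not logged in (inactive) for 400 days. This allows us to keep terminated employees' disabled users for over a year for auditing purposes, but automatically cleans them out once the annual scope has passed.
# version: 400.00
# type: module
# author: DrDrewl
# license: CC0
# x-poshcode-id: 6129
# x-archived: 2016-07-13T12:27:27
# x-published: 2016-12-04T10:11:00
#
#

# Load the Active Directory cmdlets used below (Search-ADAccount, Remove-ADUser).
Import-Module ActiveDirectory

# Permanently delete user accounts in the pending-deletion OU that have been
# inactive for 400 days.
#
# Safety notes:
#   * -Confirm:$false suppresses the interactive prompt so the script can run as
#     a scheduled task; the filters in this pipeline are the only safeguard
#     before deletion.
#   * The Enabled check restricts deletion to accounts that are actually
#     disabled. Without it, an enabled account moved into this OU by mistake
#     would be removed once it looked inactive.
#   * -AccountInactive relies on the replicated last-logon timestamp, which can
#     lag real logon activity by several days; the 400-day window leaves ample
#     margin for that.
#   * To preview the result, replace -Confirm:$false with -WhatIf on
#     Remove-ADUser and review the accounts it lists.
Search-ADAccount -SearchBase "ou=UserObjectsPendingDeletion,DC=mydomain,DC=com" -AccountInactive -TimeSpan 400.00:00:00 |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.Enabled -eq $false } |
    Remove-ADUser -Confirm:$false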