report-aduser.ps1
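function report-adusers
{
    <#
    .SYNOPSIS
    Emits a plain-text Active Directory account hygiene report on the output stream.

    .DESCRIPTION
    Sections, in order: all users, disabled users, enabled users with no logon in
    the last 7 days, users with 5 or more bad password attempts, recursive members
    of every group, computers with no logon in the past month, and enabled users
    with no logon in the past month.

    .NOTES
    Uses the ActiveDirectory module cmdlets (Get-ADUser, Get-ADGroup,
    Get-ADGroupMember, Get-ADObject, Get-ADComputer).

    LastLogonDate is derived from lastLogonTimestamp, which is only replicated
    with a delay, so the 7-day section can list accounts that did log on recently:
    https://docs.microsoft.com/ru-ru/archive/blogs/askds/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works

    badPwdCount is not replicated between domain controllers; the value shown is
    the one held by the domain controller that answered the query.
    #>

    # Get-ADUser returns only a small default property set; every attribute the
    # report prints or filters on has to be requested explicitly, otherwise the
    # columns come back empty and the bad-password section never matches anything.
    $userProperties = 'DisplayName', 'Office', 'LastLogonDate', 'ProfilePath', 'ScriptPath', 'badPwdCount'
    $users = foreach ($ADUser in Get-ADUser -Filter * -Properties $userProperties) {
        [PSCustomObject][Ordered]@{
            SamAccountname = $ADUser.SamAccountName
            DisplayName    = $ADUser.DisplayName
            Office         = $ADUser.Office
            Enabled        = $ADUser.Enabled
            LastLogonDate  = $ADUser.LastLogonDate
            ProfilePath    = $ADUser.ProfilePath
            ScriptPath     = $ADUser.ScriptPath
            BadPWDCount    = $ADUser.badPwdCount
        }
    }
    $users | Format-Table | Out-String

    "**disabled users" | Out-String
    $users | Where-Object { $_.Enabled -ne $true } |
        Format-Table -Property SamAccountName, DisplayName | Out-String

    # The cutoff must exist before the header is built, or the header prints an empty date.
    $OneWeekAgo = (Get-Date).AddDays(-7)
    "`n*** Users Not logged in since $OneWeekAgo`n"
    $users | Where-Object { $_.Enabled -and $_.LastLogonDate -le $OneWeekAgo } |
        Sort-Object -Property LastLogonDate |
        Format-Table -Property SamAccountName, LastLogonDate | Out-String

    "`n*** High Number of Bad Password Attempts`n"
    $users | Where-Object BadPwdCount -ge 5 |
        Format-Table -Property SamAccountName, BadPwdCount | Out-String

    "`n*** Privileged User Report`n"
    # NOTE(review): despite the heading, this walks every group in the domain, not
    # only privileged ones. Narrowing it is left to the report owner.
    # Get-ADGroupMember returns principal objects without whenCreated or logon
    # data, so each member is looked up once and cached by distinguished name.
    $memberDetails = @{}
    $pu = foreach ($group in Get-ADGroup -Filter *) {
        $group_name = $group.Name
        # Pass the group object: a display name is not guaranteed to resolve as an identity.
        foreach ($member in Get-ADGroupMember -Identity $group -Recursive) {
            $dn = $member.DistinguishedName
            if (-not $memberDetails.ContainsKey($dn)) {
                try {
                    $memberDetails[$dn] = Get-ADObject -Identity $dn -Properties whenCreated, lastLogonTimestamp
                }
                catch {
                    # Lookup can fail (for example a member from another domain);
                    # keep the row and leave its dates blank.
                    Write-Warning "Could not read details for '$dn': $_"
                    $memberDetails[$dn] = $null
                }
            }
            $detail = $memberDetails[$dn]
            $lastLogon = $null
            if ($detail -and $detail.lastLogonTimestamp) {
                # lastLogonTimestamp is stored as a file-time integer.
                $lastLogon = [DateTime]::FromFileTime($detail.lastLogonTimestamp)
            }
            [PSCustomObject][Ordered]@{
                Group         = $group_name
                Name          = $member.Name
                whenCreated   = if ($detail) { $detail.whenCreated } else { $null }
                LastlogonDate = $lastLogon
            }
        }
    }
    $pu | Sort-Object -Property Group | Format-Table | Out-String

    "*** Machines not logged on in past month`n"
    $AMonthAgo = (Get-Date).AddMonths(-1)
    # Single quotes are intentional: the ActiveDirectory filter resolves $AMonthAgo itself.
    # NOTE: objects that have never logged on carry no logon timestamp and are not
    # matched by this filter.
    $old_pc = Get-ADComputer -Filter 'lastLogonDate -lt $AMonthAgo' -Properties LastLogonDate
    $old_pc | Format-Table -Property Name, LastLogonDate | Out-String

    "*** Users not logged on in past month and enabled`n"
    # LastLogonDate is requested explicitly and shown instead of the raw
    # LastLogonTimestamp, which was never fetched and is an unreadable integer.
    $old_users = Get-ADUser -Filter 'lastLogonDate -lt $AMonthAgo -and Enabled -eq $true' -Properties LastLogonDate
    $old_users | Format-Table -Property Name, LastLogonDate | Out-String

    # Known limitation: LastLogonDate / lastLogonTimestamp are replicated with a
    # delay, so these staleness sections are approximate (see .NOTES above).
    # TODO: use ELK
}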
# Run the report and save it as report.txt in the current directory.
# The file lists account names, group membership and logon data, so store it
# where only the intended readers have access.
report-adusers | Out-File -FilePath report.txt