There is no formula that tells an Active Directory administrator when or how to perform certain actions. Some feel that manual actions are best, while others feel that automation is the only way, and the rest falling somewhere in between. I think the reality is that if a job is completed in a reasonable amount of time and the result is 100 percent correct, the approach was effective.
The point is, some methods provide helpful options that others fail to give. For example, let’s say that you need a list of user accounts that have not logged on for over 90 days so that you can disable them. The caveat is that you don’t want to have to sift through user accounts that are already disabled, or user accounts that have never logged on.
If you use Active Directory users and computers, you can use a saved query, which provides you with only one of these options at a time. It gives you an option for the time since the last log on and disabled user accounts, but not an option for user accounts that have never logged on, as you can see in Figure 1.
Figure 1. Saved query options for user accounts.
You could also build a PowerShell command to show the results. But after an exhaustive search for the exact example, I gave up. I found many options related to different combinations of our scenario, but nothing that was exactly the same. This means that you would need to try and combine the commands to achieve the desired results, with numerous trials and errors to ensure that the command actually works.
” target=”_blank” rel=”noopener”>Watch how ADManager Plus simplifies tracking and managing inactive AD accounts. Try it yourself | Download Free Trial
As an administrator with no time to waste, I prefer a method that is designed to provide this level of detail and numerous options by default. As you can see in Figure 2, ADManager Plus provides any combination of these options with just a few clicks.
Figure 2. ADManager Plus provides easy reporting and actions with custom reports.
As you can see, the results that ADManager Plus provides are easy to read and easy to regenerate with different options configured. After you generate a report in ADManager Plus, you can perform actions on one or more of the objects in the report, as you can see in Figure 3.
Figure 3. On-the-fly actions from user account reports in ADManager Plus.
The actions that need to be performed on user accounts at any given time vary, so creating custom scripts and commands can only get you so far. But ADManager Plus allows you to be agile and efficient, capabilities that are priceless. Give ADManager Plus a try.
