Skip to content

Active Directory Audit

Published: at 05:28 AM

I am starting to audit AD for my clients every month just to make sure accounts that should be disabled are not enabled. User accounts of old employees or shared devices such as printers and scanners are easy targets.

I wrote this script to audit AD. It will produce a CSV file that shows the username, the date the account was created, and the last known log-on date.

Get-ADUser -Filter {Enabled -eq $true} -Properties whenCreated,sAMAccountName,LastLogonDate 
| Select-Object sAMAccountName,Name,whenCreated,LastLogonDate | Export-Csv -path 
"c:\\temp\\adaudit.csv" -NoTypeInformation  
$a = "Active users: " + ((Get-ADUser -Filter {Enabled -eq $true}).count | Out-String)  
Out-File -append -filepath "c:\\temp\\adaudit.csv" -inputobject $a -encoding ASCII

You can also add more properties you’d like. Here is the full list-