Script
Is there a script that can be used for AD that will allow me to find old accounts that haven't been logged in to for a while, so I can make sure the accounts are disabled?
May 11th, 2012 4:26pm
Hi,
This forum is for Exchange questions, so I would recommend that you ask in the Directory Services or Windows PowerShell Forum.
With that said, if you have "Active Directory Module for Windows PowerShell" installed, a good starting point would be to use the cmdlet Search-Adaccount.
Martina Miskovic
May 12th, 2012 12:04am
Multiple methods but Richard Mueller DS MVP has a bunch of good scripts.
http://www.rlmueller.net/Last%20Logon.htm
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 12th, 2012 2:56pm
Is this for user or computer accounts?
Regardless, the dsquery command will give you a rough idea.
The commands below will show, respectively, user and computer accounts that have not logged on for 12 weeks:
dsquery user domainroot -inactive 12
dsquery computer domainroot -inactive 12
What is your domain functional level?
dsquery uses the LastLogonTimeStamp attribute which IS replicated to all domain controllers (as opposed to the LastLogon attribute).
But that attribute is only used in W2K3 DFL (and above presumably).
A word of caution: the attribute in question replicates weekly so it can be "off" by as much as 7 days (according to Joe Richards, I have also seen 14 days).
So as I said, a rough idea.
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
May 13th, 2012 8:13am
Yes, the -AccountInactive switch:
Specifies to search for accounts that have not logged in within a given time period or since a specified time. To specify a time period, use the TimeSpan parameter. To specify a specific time, use the DateTime parameter. Note that this attribute is only used when the domain is in Windows Server 2003 Domain Functional Level, so this parameter will only work in that mode.
The following example shows how to set this parameter to search for accounts that have been inactive for the past 10 days.
-AccountInactive -TimeSpan 10
The following example shows how to set this parameter to search for accounts that have been inactive since July 16, 2008 at 12:00 AM.
-AccountInactive -DateTime "7/16/2008"
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
May 13th, 2012 3:46pm
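An added example, not code from any of the posters: a report-first sweep that combines Search-ADAccount -AccountInactive with the lastLogonTimestamp lag mentioned above. The 84-day threshold, the 14-day allowance and the CSV path are assumptions chosen for illustration.

```powershell
# Added example; requires the ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

$InactiveDays = 84                     # 12 weeks, the figure used in the dsquery post
$LagDays      = 14                     # allowance for a stale lastLogonTimestamp (7-14 days per the thread)
$ReportPath   = '.\stale-users.csv'    # constructed output path

# Only accounts idle longer than threshold + lag are treated as stale.
$cutoff = (Get-Date).AddDays(-($InactiveDays + $LagDays))

$stale = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) -UsersOnly |
    Where-Object { $_.Enabled } |
    ForEach-Object {
        $u = Get-ADUser -Identity $_.DistinguishedName -Properties whenCreated, LastLogonDate
        # Accounts that never logged on have no LastLogonDate; judge them by
        # creation date so a freshly provisioned account is not flagged.
        $reference = if ($u.LastLogonDate) { $u.LastLogonDate } else { $u.whenCreated }
        if ($reference -lt $cutoff) {
            [pscustomobject]@{
                SamAccountName    = $u.SamAccountName
                LastLogonDate     = $u.LastLogonDate
                WhenCreated       = $u.whenCreated
                DistinguishedName = $u.DistinguishedName
            }
        }
    }

# Write the candidates out for review before anything is changed.
$stale | Sort-Object LastLogonDate | Export-Csv -Path $ReportPath -NoTypeInformation
"{0} enabled user accounts idle since before {1:yyyy-MM-dd}" -f @($stale).Count, $cutoff

# -WhatIf only prints what would be disabled; remove it once the CSV has been reviewed.
$stale | ForEach-Object { Disable-ADAccount -Identity $_.DistinguishedName -WhatIf }
```

Service and shared accounts that authenticate rarely will appear in the report alongside people, so the CSV review is where those get excluded.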
Here is a finished script you might use
http://www.ericwoodford.com/powershell-script-2-getting-last-logon-date-exchange-mailboxes
(oh be sure to disable real users only)
May 14th, 2012 5:10am
Hi Raynard
Any update on this thread? Did you try the script they provided?
Cheers
Zi Feng
TechNet Community Support
May 14th, 2012 10:35pm