My task is to identify, document in csv file & disable user accounts. The criteria for selecting these accounts is:
1. From a specifice OU
2. LastLoginDate is greater than 90 days (not passwordlastset)
3. User account must have specific employeeType extensionAttributes (-like "T", -like "E", -like "C", etc.)
4. Account is currently Active
Below is what I have so far. I am a NEWBIE & know that there are multiple issues with this script. Although the script is pulling the user accounts with the correct employeeID, the lastlogondates are not just the ones that are greater than 90 days.
$date = get-date -Format "yyyyMMddmm"
$90days = (get-date).AddDays(-90)
Get-ADUser -SearchScope Subtree -SearchBase "OU=MyDomain" `
-Filter { ( lastlogondate -le $90days) -And (employeeType -like "T") -Or (employeeType -like "C") -And (enabled -eq $True)} `
-Property name, SurName, givenName, employeeType, employeeID, lastlogondate, passwordlastset | `
Select name, SurName, givenName, employeeType, employeeID, lastlogonDate, passwordlastset | `
Export-Csv -path C:\MYFiles\Dormant_Report_$Date.csv -NoClobber -NoTypeInformation
The next issue is that I need to disable the user accounts that are produced and saved in the csv file. I spend quite a few hours trying to disable the user accounts from the csv file using Get-Content then ForEach with no success.