Bobel's Active Directory, Identity, Access & SaaS Blog » PowerShell AD CMDLETS http://www.bobbobel.com "Anyone can hold the helm when the sea is calm." - Syrus Publilius Thu, 09 Sep 2010 15:03:42 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Use PowerShell to easly find Obsolete Accounts http://www.bobbobel.com/use-powershell-to-easly-find-obsolete-accounts/ http://www.bobbobel.com/use-powershell-to-easly-find-obsolete-accounts/#comments Thu, 15 Jul 2010 15:14:21 +0000 Bob Bobel http://www.bobbobel.com/?p=930 One of the great new capabilities new to ActiveRoles AD CMDLETS version 1.4 is the ability to define criteria for how you want to identify obsolete or inactive accounts. You define the criteria as an “InactiveAccountsPolicy” that can be called from the Get-QADUser cmdlet to list accounts matching the obsolete policy then delete, disable or if you own ActiveRoles Server execute the Deprovisoning policy.

 

Set-QADInactiveAccountsPolicy

 Set the current user preference on what accounts to consider inactive by default.

Syntax

Set-QADInactiveAccountsPolicy [-AccountExpiredPeriod <Int32>] [-PasswordNotChangedPeriod <Int32>] [-AccountNotLoggedOnPeriod <Int32>]

Parameters

AccountExpiredPeriod

Use this parameter to specify the number of days after which an expired account is considered inactive by default. Thus, an account is considered inactive if the account remains in the expired state for more days than specified by this parameter.

AccountNotLoggedOnPeriod

Use this parameter to specify the period, in days, that an account is not used to log on, after which the account is considered inactive by default. Thus, an account is considered inactive if no successful logons to that account occur for more days than specified by this parameter.

PasswordNotChangedPeriod

Use this parameter to specify the password age, in days, after which an account is considered inactive by default. Thus, an account is considered inactive if the password of the account remains unchanged for more days than specified by this parameter.

Detailed Description

Use this cmdlet to specify the default conditions that must be met for a user or computer account to be considered inactive. The inactivity conditions are specific to the current user, and have an effect on the cmdlets that support the Inactive parameter (such as Get-QADUser or Get-QADComputer). If no account-inactivity related parameters other than Inactive are supplied, then the Inactive parameter retrieves the accounts that meet the conditions defined by this cmdlet. To view the inactivity conditions that are currently in effect, use the Get-QADInactiveAccountsPolicy cmdlet.

 

Get-QADInactiveAccountsPolicyView the current user preference on what accounts to consider inactive by default.

 

Syntax

Get-QADInactiveAccountsPolicy

Detailed Description

Use this cmdlet to examine the settings that were specified by using Set-QADInactiveAccountsPolicy, and are in effect for the current user session. These settings specify the default conditions that must be met for a user or computer account to be considered inactive. The inactivity conditions are specific to the current user, and have an effect on the cmdlets that support the Inactive parameter (such as Get-QADUser or Get-QADComputer). If no account-inactivity related parameters other than Inactive are supplied, then the Inactive parameter retrieves the accounts that meet the conditions defined by the AccountExpiredPeriod, AccountNotLoggedOnPeriod, and PasswordNotChangedPeriod settings that you can examine using this cmdlet. For details regarding each of these settings, see the corresponding parameter description for the Set-QADInactiveAccountsPolicy cmdlet.

 

 

 

 

Set-QADInactiveAccountsPolicy

Post to Twitter

]]> http://www.bobbobel.com/use-powershell-to-easly-find-obsolete-accounts/feed/ 4 AD CMDLETS 1.4 now live! http://www.bobbobel.com/ad-cmdlets-1-4-now-live/ http://www.bobbobel.com/ad-cmdlets-1-4-now-live/#comments Thu, 15 Jul 2010 14:07:16 +0000 Bob Bobel http://www.bobbobel.com/?p=928 The 1.4 version of the ActiveRoles AD CMDLETS went live a few moments ago and you can download them here http://www.quest.com/powershell/activeroles-server.aspx.

Post to Twitter

]]> http://www.bobbobel.com/ad-cmdlets-1-4-now-live/feed/ 0 New: ActiveRoles AD CMDLETS v1.3 http://www.bobbobel.com/new-activeroles-ad-cmdlets-v1-3/ http://www.bobbobel.com/new-activeroles-ad-cmdlets-v1-3/#comments Wed, 25 Nov 2009 15:07:52 +0000 Bob Bobel http://www.bobbobel.com/?p=729 Along with the release of ActiveRoles Server 6.5 we have also updated the Active Directory PowerShell CMDLETS. This release will continue to work with the supported versions of Active Directory as it has in the past. When you are using PowerShell with ActiveRoles Server it is only compatible with ActiveRoles Server version 6.5 and no other.

Two things of which you should be aware regarding AD CMDLETS & ActiveRoles Server:

1) If you try to install the 1.3 version of the cmdlets on a server running any version other than 6.5 you will get an error that warns you of the incompatibility.

2) If you try using the 1.3 version of the cmdlets to connect to a server running any version other than ActiveRoles Server 6.5 you will recieve an error.

To download the new version go to: http://www.quest.com/powershell/activeroles-server.aspx

Post to Twitter

]]> http://www.bobbobel.com/new-activeroles-ad-cmdlets-v1-3/feed/ 1