Closed rebelinux closed 1 year ago
Unused or underutilized accounts in highly privileged groups, outside of any break-glass emergency accounts like the default Administrator account, should have their AD Admin privileges removed.
Get-ADGroupMember 'Administrators' -Recursive | Get-ADUser -property SAMAccountName,DisplayName,LastLogonDate,PasswordLastSet,Description,Created, UserPrincipalName | Where-Object {($.LastLogonDate -le (Get-Date).AddDays(- 30)) -AND ($.PasswordLastSet -le (Get-Date).AddDays(-365))}
Unused or underutilized accounts in highly privileged groups, outside of any break-glass emergency accounts like the default Administrator account, should have their AD Admin privileges removed.
Get-ADGroupMember 'Administrators' -Recursive | Get-ADUser -property SAMAccountName,DisplayName,LastLogonDate,PasswordLastSet,Description,Created, UserPrincipalName | Where-Object {($.LastLogonDate -le (Get-Date).AddDays(- 30)) -AND ($.PasswordLastSet -le (Get-Date).AddDays(-365))}