search

AsBuiltReport / AsBuiltReport.Microsoft.AD

Repository for AsBuiltReport Microsoft Active Directory module
https://techmyth.blog/posts/homelab-ad-doc-using-asbuiltreport/
MIT License
63 stars 18 forks source link

HealthCheck - Remove Inactive AD Admin Accounts #100

Closed rebelinux closed 1 year ago

rebelinux commented 1 year ago

Unused or underutilized accounts in highly privileged groups, outside of any break-glass emergency accounts like the default Administrator account, should have their AD Admin privileges removed.

Get-ADGroupMember 'Administrators' -Recursive | Get-ADUser -property SAMAccountName,DisplayName,LastLogonDate,PasswordLastSet,Description,Created, UserPrincipalName | Where-Object {($.LastLogonDate -le (Get-Date).AddDays(- 30)) -AND ($.PasswordLastSet -le (Get-Date).AddDays(-365))}