Home ยป Dsquery ยป Dsquery to Find Inactive Users in Active Directory

Dsquery to Find Inactive Users in Active Directory

by

Use the dsquery user command with an inactive parameter to find inactive user accounts in the active directory.

dsquery user command has an inactive parameter -inactive <NumberOfWeeks> that searches for users who have been inactive or stale for a specified number of weeks.

User accounts become inactive or stale accounts if there is no logon within the specified period.

In this article, we will discuss how to use the dsquery user command to find inactive user accounts in the active directory and users inactive for 90 days using the dsquery command.

Table of Contents hide
1 Find inactive users using the dsquery command
2 Conclusion

Find inactive users using the dsquery command

Use the dsquery user command to search for inactive user accounts in the active directory using the inactive parameter and the number of weeks specified with the inactive parameter.

To find inactive accounts using dsquery follow the below steps:

  • Step 1: Use the dsquery user command
  • Step 2: Use the inactive parameter and specify the number of weeks
  • Step 3: Use a limit parameter with the value 0 to list all inactive user accounts in the directory.
dsquery user -inactive 1 -limit 0 | dsget user -fn -ln -display

The output of the above dsquery user command is:

dsquery to find inactive users
dsquery to find inactive users

It can be seen in the above output, that inactive parameters use 1 value to search for inactive user accounts in the directory who has not been active for 1 week.

dsget user command displays inactive user account first name, last name, and user display name.

Cool Tip: How to use the dsquery * command to get user last logon!

To find users inactive for 90 days, use the dsquery user command with an inactive period of 13 weeks (~91 days).

dsquery user -inactive 13 -limit 0 | dsget user -fn -ln -display

The output of the above dsquery command to find inactive user accounts example is:

C:\Windows\system32>dsquery user -inactive 13 -limit 0 | dsget user -fn -ln -display
  fn     ln       display
  Tom    Smith    Tom Smith
dsget succeeded

C:\Windows\system32>

Cool Tip: How to use dsquery to find disabled user accounts in the active directory!

Conclusion

I hope the above article on how to find inactive user accounts in the directory using the dsquery user command is helpful to you.

Use the dsget user command to display the properties of a user in the active directory.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.