To find deleted AD Users you can use this Powershell command:
get-adobject -Filter {Deleted -eq $true -and ObjectClass -eq "user" -and ObjectClass -ne "computer" } -IncludeDeletedObjects -property * | Format-List LastKnownParent,DisplayName,samaccountname
Lets say you only want to get the accounts that were deleted in the last 42 days? Just used whenChanged attribute and use the actual date minus 42 Days.
get-adobject -Filter {Deleted -eq $true -and ObjectClass -eq "user" -and ObjectClass -ne "computer" } -IncludeDeletedObjects -property * | where { $_.whenChanged -ge (Get-Date).AddDays(-42) } |Format-List LastKnownParent,DisplayName,samaccountname,whenchanged
That´s to much? You just want users from a specified OU like OU=Users,OU=Germany,DC=timsdomain,DC=com? And that should be saved into a file? Ok lets add the LastKnownParent and just >c:\DeletedUsersDE.txt at the end to get this!
get-adobject -Filter {Deleted -eq $true -and ObjectClass -eq "user" -and ObjectClass -ne "computer" -and LastKnownParent -eq "OU=Users,OU=Germany,DC=timsdomain,DC=com" } -IncludeDeletedObjects -property * | where { $_.whenChanged -ge (Get-Date).AddDays(-42) } |Format-List LastKnownParent,DisplayName,samaccountname,whenchanged >c:\DeletedUsersDE.txt
No comments:
Post a Comment