I don’t know it this helps, but I’m using Search-ADAccount with the –AccountInactive parameter piped to Disable-ADAccount:
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly -SearchBase "ou=BlahBlah,dc=somedomain,dc=net" -SearchScope OneLevel | disable-adaccount In my case this is not very dangerous because the OU it’s run against only contains alternate accounts we’ve given people to use on PCI-compliant computers. I’m not sure what criteria the –AccountInactive parameter uses, though you would thing lastlogon or lastlogontimestamp. In any case, you could run that command against the user(s) in question to see what you get. *From:* [email protected] [mailto: [email protected]] *On Behalf Of *Heaton, Joseph@Wildlife *Sent:* Monday, September 21, 2015 3:13 PM *To:* '[email protected]' <[email protected]> *Subject:* [NTSysADM] RE: Question about OWA authentication So, you’re saying that logging into OWA will not update either of the Last Logon attributes? Makes sense with what I’m seeing. However, it makes it difficult to track if a user account is still valid. Any other methods of seeing if the user is valid, aside from reaching out to the supervisor? *From:* [email protected] [ mailto:[email protected] <[email protected]>] *On Behalf Of *Michael B. Smith *Sent:* Monday, September 21, 2015 10:37 AM *To:* [email protected] *Subject:* [NTSysADM] RE: Question about OWA authentication OWA or any web logon is not the same as an interactive logon. *From:* [email protected] [ mailto:[email protected] <[email protected]>] *On Behalf Of *Heaton, Joseph@Wildlife *Sent:* Monday, September 21, 2015 7:58 AM *To:* NT System Admin Issues Discussion list *Subject:* [NTSysADM] Question about OWA authentication Our organization uses a customized Office 365 installation, due to working for the State of California. My question is how logging into OWA affects the Last Logon/Last Logon Timestamp attribute. I have users who are showing up on my Inactive Users report, and I want to make sure that I don’t disable an account that really is being used. One particular user has a Last Logon Timestamp of 8/6/2014, but his account was just renewed for another year in August of this year. So, is it possible that this user only accesses OWA for e-mail, and never logs into a domain computer? I’ve been finding conflicting info on the internet. Thanks, Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [image: SaveOurWater_Logo] <http://saveourwater.com/> SaveOurWater.com <http://saveourwater.com/> · Drought.CA.gov <http://drought.ca.gov/>
