AD User Cleanup Script

A PowerShell script to identify and disable inactive AD users.

January 3, 2026 · 1 min · Alfred van Ster

This script scans the ‘Users’ OU and disables accounts that haven’t logged in for 90 days.

# Get inactive users
$date = (Get-Date).AddDays(-90)
Get-ADUser -Filter 'LastLogonDate -lt $date' | Disable-ADAccount

Note: Always run this in -WhatIf mode first!