locked
Stale accounts on Azure AD RRS feed

  • General discussion

  • Hi All

    We are trying to find a way where we can collect inactive users for 6 months on Azure AD and disable them in the Azure AD. We have tried some scripts but still no luck.  Does any one has any tricks or idea for this?

    Regards,

    Harsha

     


    • Edited by lusha_76 Wednesday, April 29, 2020 9:49 AM
    Wednesday, April 29, 2020 9:48 AM

All replies

  • <# 
    .SYNOPSIS 
    Check for stale Azure, Guest, or B2B accounts 
     
    .PARAMETER Credential 
    Specify a credential to use when connecting to Azure AD. 
     
    .PARAMETER InstallRequiredModules 
    This script requires the Get-AzureADPolicy cmdlet, which is only available in 
    the AzureADPreview module.  If the module is not installed or not available, 
    you can use either the MaxInactiveTime parameter or use the default of 90 days 
     
    .PARAMETER Logfile 
    Log events for script execution. 
     
    .PARAMETER MaxInactiveTime 
    Use this parameter to specify the MaxInactiveTime value for your tenant. This is 
    token refresh value.  The default value for Azure Active Directory is 90 days. 
    You cannot view, add, or modify an Azure AD policy without the AzureADPreview 
    module.  If you do not want to install the module, you can use the default for  
    this parameter or specify your own value. 
     
    .PARAMETER Output 
    Specify the output file listing stale acccounts. 
     
    .PARAMETER StaleAgeInDays 
    Use this parameter to specify how many days past the refresh token an account 
    can be inactive before marking it stale. 
     
    .EXAMPLE 
    .\Get-AzureADStaleUsers.ps1 -MaxInactiveTime 30 -StaleAgeInDays 180 
    Return all objects that have not generated a refresh token in 210 days. 
    #>
    Wednesday, April 29, 2020 11:03 AM