Active Directory Users Computers Statistics

Active Directory Users Computers Statistics

Hello,

If you administer an Active Directory domain, you may want to know about some statistics of it. Like the total number of users, how many of them are disabled, password expire, used to be an admin ?Hereunder a few hints about how to find those numbers.

Disable Objects

You can see the disabled objects in your AD domain with:

Search-ADAccount -AccountDisabled

Expired Object

You can see the expired objects in your AD domain with:

Search-ADAccount -AccountExpired

Expiring Objects

You can see the expiring objects in your AD domain with:

Search-ADAccount -AccountExpiring

Locked Objects

You can see the lockedout objects in your AD domain with:

Search-ADAccount -LockedOut

Password Expired Objects

You can see the password expired objects in your AD domain with:

Search-ADAccount -PasswordExpired

Password Never Expires Objects

You can see the password never expires objects in your AD domain with:

Search-ADAccount -PasswordNeverExpires

Active Directory Users Computers Statistics

If we put those lines all together, we can have a nice report about statistics for users and computers inside the current AD domain:

New-Object -TypeName PSObject -Property @{
    DisabledUser       = @(Search-ADAccount -AccountDisabled -UsersOnly).Count
    ExpiredUser        = @(Search-ADAccount -AccountExpired -UsersOnly).Count
    ExpiringUser       = @(Search-ADAccount -AccountExpiring -UsersOnly).Count
    LockedUser         = @(Search-ADAccount -LockedOut -UsersOnly).Count
    PwdExpiredUser     = @(Search-ADAccount -PasswordExpired -UsersOnly).Count
    PwdNeverExpireUser = @(Search-ADAccount -PasswordNeverExpires -UsersOnly).Count

    DisabledComputer       = @(Search-ADAccount -AccountDisabled -ComputersOnly).Count
    ExpiredComputer        = @(Search-ADAccount -AccountExpired -ComputersOnly).Count
    ExpiringComputer       = @(Search-ADAccount -AccountExpiring -ComputersOnly).Count
    LockedComputer         = @(Search-ADAccount -LockedOut -ComputersOnly).Count
    PwdExpiredComputer     = @(Search-ADAccount -PasswordExpired -ComputersOnly).Count
    PwdNeverExpireComputer = @(Search-ADAccount -PasswordNeverExpires -ComputersOnly).Count

    TotalUser     = @(Get-ADUser -Filter *).Count
    TotalComputer = @(Get-ADComputer -Filter *).Count
}
Active Directory Users Computers Statistics

Active Directory Users Computers Statistics

Note: If you payed attention, I added a switch each time I used the “Search-ADAccount” cmdlet to search only for users or computers.

I also added Get-ADUser and Get-ADComputer to get the total number of users and computer inside the current domain, to put the statistics in perspective.

 

Leave a Reply