SharePoint: Generate and report AD account metrics in SharePoint Part 2: Getting more complex AD metrics

Introduction

In the previous posting in this series, we explored how to generate and report simple Active Directory metrics, such as the total number of accounts by type and the total number of accounts with mailboxes. In this posting, we will explore how to generate more complex metrics, including:

  • Total number of enabled user accounts
  • Total number of disabled user accounts
  • Total number of user accounts that have been locked out
  • Total number of enabled user accounts that have never logged on

Get Enabled and Disabled User Accounts

The first metric to extract is the total number of enabled user accounts, followed by the total number of disabled user accounts. We already have an array composed of user accounts only, namely $AllUserAccounts. All that needs to be done is to filter this array further on the value of each account's Enabled property, which is a Boolean. Note again that a single line of code is all that is needed to extract each metric:

# This line gets the total number of user accounts that
# are enabled.
[array]$AllEnabledUserAccounts = $AllUserAccounts | Where-Object {$_.Enabled -eq $True}
$StringToWrite = "Total number of Enabled User accounts: "  + $AllEnabledUserAccounts.Count
Add-Content $FilePathString $StringToWrite
Add-Content $FilePathString ""
 
# This line gets the total number of user accounts that
# are disabled.
[array]$AllDisabledUserAccounts = $AllUserAccounts | Where-Object {$_.Enabled -eq $False}
$StringToWrite = "Total number of Disabled User accounts: " + $AllDisabledUserAccounts.Count
Add-Content $FilePathString $StringToWrite
Add-Content $FilePathString ""

Get Locked Out and Never Logged In User Accounts

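The next two metrics are the total number of enabled user accounts that are locked out and the total number of enabled user accounts that have never logged on. Both are filtered from $AllEnabledUserAccounts, so disabled accounts are not counted: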

# This line gets the total number of enabled user
# accounts that have been locked out.
[array]$AllEnabledLockedUserAccounts = $AllEnabledUserAccounts | Where-Object {$_.LockedOut -eq $True}
$StringToWrite = "Total number of Enabled User accounts that are locked out: " + $AllEnabledLockedUserAccounts.Count
Add-Content $FilePathString $StringToWrite
Add-Content $FilePathString ""
 
# This line gets the total number of enabled user accounts
# that have never logged on. $null is placed on the left so
# the comparison is always a scalar null test.
[array]$AllEnabledUserAccountsNeverlogon = $AllEnabledUserAccounts | Where-Object {$null -eq $_.LastLogonDate}
$StringToWrite = "Total number of Enabled User accounts that have never logged on: " + $AllEnabledUserAccountsNeverlogon.Count
Add-Content $FilePathString $StringToWrite
Add-Content $FilePathString ""
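
The filters above can be checked offline before pointing them at a directory. The following is an added example, not code from the original article: it tallies the same four metrics in a single pass over constructed sample objects. The function name Get-UserAccountMetric, the sample accounts, and the scratch file name are assumptions made for illustration.

```powershell
# Constructed sample data (not from a real directory). Each object models only
# the three properties the article filters on.
$SampleAccounts = @(
    [pscustomobject]@{ Name = 'user01'; Enabled = $true;  LockedOut = $false; LastLogonDate = [datetime]'2024-01-15' }
    [pscustomobject]@{ Name = 'user02'; Enabled = $true;  LockedOut = $true;  LastLogonDate = [datetime]'2024-02-01' }
    [pscustomobject]@{ Name = 'user03'; Enabled = $true;  LockedOut = $false; LastLogonDate = $null }
    [pscustomobject]@{ Name = 'user04'; Enabled = $false; LockedOut = $false; LastLogonDate = $null }
    [pscustomobject]@{ Name = 'user05'; Enabled = $false; LockedOut = $true;  LastLogonDate = [datetime]'2023-11-20' }
)

# Hypothetical helper: tallies all four metrics in one pass over the pipeline.
function Get-UserAccountMetric {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account
    )
    begin { $Enabled = 0; $Disabled = 0; $LockedOut = 0; $NeverLoggedOn = 0 }
    process {
        if ($Account.Enabled -eq $true) {
            $Enabled++
            # Locked-out and never-logged-on counts cover enabled accounts only,
            # matching the article's filters on $AllEnabledUserAccounts.
            if ($Account.LockedOut -eq $true) { $LockedOut++ }
            if ($null -eq $Account.LastLogonDate) { $NeverLoggedOn++ }
        }
        elseif ($Account.Enabled -eq $false) { $Disabled++ }
    }
    end {
        [pscustomobject]@{
            Enabled       = $Enabled
            Disabled      = $Disabled
            LockedOut     = $LockedOut
            NeverLoggedOn = $NeverLoggedOn
        }
    }
}

$Metrics = $SampleAccounts | Get-UserAccountMetric

# Write the same report lines the article produces, to a scratch file.
$FilePathString = Join-Path ([System.IO.Path]::GetTempPath()) 'ADMetricsSample.txt'
Set-Content $FilePathString "Total number of Enabled User accounts: $($Metrics.Enabled)"
Add-Content $FilePathString "Total number of Disabled User accounts: $($Metrics.Disabled)"
Add-Content $FilePathString "Total number of Enabled User accounts that are locked out: $($Metrics.LockedOut)"
Add-Content $FilePathString "Total number of Enabled User accounts that have never logged on: $($Metrics.NeverLoggedOn)"
Get-Content $FilePathString
```

Assuming $AllUserAccounts was built with Get-ADUser, LockedOut and LastLogonDate are populated only when they are named in -Properties; if they are not requested, every account has a null LastLogonDate and the never-logged-on count is inflated.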

Summary

In this posting, we have explored how to generate more complex metrics. These more complex metrics build upon the metrics already extracted previously. In the next posting, we'll complete our exploration of how to generate metrics by learning how to generate the various LastLogonDate categories typically of interest, such as 180, 90, 45, 30 and 14 day logons, to name a few. Extracting LastLogonDate values brings real value to management and your customers, as it provides the raw data on actual system usage that management can use to more effectively perform trend analyses and justify and plan infrastructure budgets.
