Reputation: 493
I have a PowerShell script whose output is showing me everything that was disabled for the past 14 days. What I'm looking for is to change that so this script will run from a specific OU and not the whole DC. I want it to show me only the disabled users for the past 14 days from a specific OU.
The script:
$date = (Get-Date).AddDays(-14)
# $sixMonthsAgo was never defined in the original; the filter now uses the $date computed above.
$disabledUsers = Get-ADObject -Filter 'ObjectClass -eq "User" -and whenChanged -ge $date -and UserAccountControl -band 2'
# -Server expects a host name, not the whole domain controller object.
$server = (Get-ADDomainController).HostName
foreach ($disabledUser in $disabledUsers)
{
    # Replication metadata tells us when UserAccountControl itself was last changed.
    Get-ADReplicationAttributeMetadata $disabledUser -Server $server -Properties UserAccountControl |
        Where-Object { $_.AttributeName -eq 'UserAccountControl' } |
        Select-Object Object, LastOriginatingChangeTime |
        Where-Object { $_.LastOriginatingChangeTime -gt $date }
}
Upvotes: 0
Views: 8032
Reputation: 52
Using the Filter will make it run quickly:
$date = (Get-Date).AddDays(-14)
Get-ADUser -Filter { Enabled -eq $false -and Modified -ge $date } -Properties Modified | Select-Object SamAccountName, Modified
Upvotes: 2
Reputation: 1180
You should be aware that your current script actually works only if an object has not been modified since it was disabled. But as far as I know, it is the only way without specifically logging userAccountControl attribute modification (and this still cannot log 100% of cases, since once disabled, an object can have its userAccountControl modified without being enabled).
Based on "user is never modified after it was disabled":
Search-ADAccount -SearchBase "OU=myOU,DC=mydom,DC=adds" -AccountDisabled -UsersOnly | Get-ADUser -Properties whenChanged | Where whenChanged -gt (Get-Date).AddDays(-14)
Upvotes: 2
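Combining the OU scoping from the last answer with the replication-metadata approach from the question, here is an added example (not code from either poster) that reports users in one OU whose userAccountControl attribute was last changed in the past 14 days and who are currently disabled. The OU distinguished name is a placeholder, and the PDC emulator is assumed to be reachable as the metadata source.

```powershell
# Added example: disabled users in a specific OU whose userAccountControl was
# changed within the last 14 days, based on replication metadata rather than
# whenChanged, so later edits to the object do not hide the disable event.
Import-Module ActiveDirectory

$searchBase = 'OU=myOU,DC=mydom,DC=adds'      # placeholder OU; change for your domain
$cutoff     = (Get-Date).AddDays(-14)
$dc         = (Get-ADDomain).PDCEmulator       # any DC works; originating time is replicated

Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $searchBase -SearchScope Subtree |
    ForEach-Object {
        $user = $_
        # LastOriginatingChangeTime is when userAccountControl was last written.
        # Caveat: any UAC flag change (e.g. "password never expires") updates it,
        # not only the disable bit, so review hits rather than treating them as proof.
        $meta = Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName `
                    -Server $dc -Properties userAccountControl
        if ($meta.LastOriginatingChangeTime -ge $cutoff) {
            [pscustomobject]@{
                SamAccountName    = $user.SamAccountName
                DistinguishedName = $user.DistinguishedName
                UACChangedOn      = $meta.LastOriginatingChangeTime
            }
        }
    } | Sort-Object UACChangedOn -Descending
```

Accounts disabled and then re-enabled inside the window are excluded by the Enabled filter; drop that filter and inspect the UAC value in the metadata if you also want to see those.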