====== Active Directory ======

====== Tools ======
  * [[https://github.com/jdhitsolutions/ADReportingTools]]

====== Solutions ======
=== run-mmc.bat ===
Run AD domain tools from machines not joined to domain.
<code batch>
@echo off
@rem This script allows mmc to be ran for AD domains from non domain joined machines.
@rem Run this script as administrator.
set /p USER="Username: "
runas /netonly /user:contoso.com\%USER% "mmc C:\Users\Public\Desktop\contoso.msc /server=contoso.com"
pause
</code>

----

=== Get LastLogon to find stale user accounts ===
//Powershell// command for getting the LastLogon date-time for users on a specified domain controller.
<code powershell>
Get-ADUser -Credential $Credentials -Server pdc -Filter * -Properties * | Select-Object Name, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}}
</code>

See theses solutions for handling multiple domain controllers, [[https://interworks.com/blog/trhymer/2014/01/22/powershell-get-last-logon-all-users-across-all-domain-controllers/|solution1]], [[https://stackoverflow.com/questions/41042336/lastlogon-from-all-domain-controllers-csv-output|solution2]].