Dirty PowerShell audit script that queries Active Directory for account-management settings that are (loosely) non-compliant with FISMA
# Super duper dumb PS script to query ActiveDirectory for misconfigured User accounts.
# Created by Trevor Bryant (@apporima)
# Get-StaleADUserAccounts.ps1 version 1.0.0
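# Set variables
# Fail fast if the RSAT ActiveDirectory module is missing, instead of erroring on the
# first Get-ADUser call further down (the module is otherwise auto-loaded on first use).
Import-Module ActiveDirectory -ErrorAction Stop
$timestamp = (Get-Date -f HHmmss_MMddyyyy)
$ADDomainInfo = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$ADDomainInfoMode = $ADDomainInfo.DomainMode   # informational only; not referenced below
$ADDomainInfoName = $ADDomainInfo.Name
# Export-Csv does not create parent directories, so make sure the audit folder exists.
# The report enumerates weakly-configured accounts (no password required, never expires,
# stale logons) - keep the folder's ACL restricted to auditors; C:\temp is typically
# readable by any local user.
$ExportDir = 'C:\temp\AD_Audit'
$null = New-Item -ItemType Directory -Path $ExportDir -Force
$Export = Join-Path -Path $ExportDir -ChildPath "Stale_AD_User_Account_Audit_${ADDomainInfoName}_$timestamp.csv"
# Attributes pulled for every user; every check selects exactly these so rows are uniform.
# Note: Enabled is fetched here but the export rows do not include it.
$Properties = @("SamAccountName","DisplayName","Description","Manager","ObjectClass","Enabled","LastLogonDate","AccountExpirationDate","PasswordNeverExpires","PasswordExpired","PasswordNotRequired","PasswordLastSet","SmartcardLogonRequired")
$AuditExport = @()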
# Set functions
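function Get-AccountNeverExpires {
    <#
    .SYNOPSIS
        Returns user accounts that have no expiration date set.
    .DESCRIPTION
        In AD, an accountExpires value of 0 OR 0x7FFFFFFFFFFFFFFF (9223372036854775807)
        both mean "never expires". The original query matched only the latter and so
        missed accounts stored with the 0 form; both are matched here, server-side.
    .PARAMETER ExcludeSamAccountName
        Exact SamAccountNames (case-insensitive) to drop from the result, e.g. known
        service accounts that are expected to be non-expiring.
    .OUTPUTS
        One object per match with the columns listed in the script-scope $Properties.
    #>
    param(
        [string[]]$ExcludeSamAccountName = @('domainacct1$', '$domainacct2', 'domainacct3$')
    )
    Get-ADUser -Filter 'accountExpires -eq 9223372036854775807 -or accountExpires -eq 0' -Properties $Properties |
        Where-Object { $ExcludeSamAccountName -notcontains $_.SamAccountName } |
        Select-Object $Properties
}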
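function Get-ManagerNotSet {
    <#
    .SYNOPSIS
        Returns user accounts whose Manager attribute is empty.
    .DESCRIPTION
        Pulls every user and filters client-side; an empty Manager breaks the
        "who owns this account" chain that access reviews rely on.
    .PARAMETER ExcludeDistinguishedNameLike
        -like patterns; a user whose DistinguishedName matches any of them is dropped
        (resource/shared OUs that legitimately have no manager).
    .OUTPUTS
        One object per match with the columns listed in the script-scope $Properties.
    #>
    param(
        [string[]]$ExcludeDistinguishedNameLike = @('*CA Resources*')
    )
    Get-ADUser -Filter * -Properties $Properties |
        Where-Object {
            # $null on the left so a multi-valued Manager can never short-circuit the comparison
            if ($null -ne $_.Manager) { return $false }
            foreach ($pattern in $ExcludeDistinguishedNameLike) {
                if ($_.DistinguishedName -like $pattern) { return $false }
            }
            $true
        } |
        Select-Object $Properties
}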
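function Get-PasswordNotRequired {
    <#
    .SYNOPSIS
        Returns user accounts flagged PasswordNotRequired.
    .DESCRIPTION
        PasswordNotRequired reflects the PASSWD_NOTREQD control flag, which allows an
        account to exist with an empty password regardless of domain password policy.
        The filter runs server-side; exclusions are applied client-side.
    .PARAMETER ExcludeSamAccountName
        Exact SamAccountNames (case-insensitive) to drop from the result.
    .OUTPUTS
        One object per match with the columns listed in the script-scope $Properties.
    #>
    param(
        [string[]]$ExcludeSamAccountName = @('domainacct1$', '$domainacct2', 'domainacct3$')
    )
    Get-ADUser -Filter 'PasswordNotRequired -eq $true' -Properties $Properties |
        Where-Object { $ExcludeSamAccountName -notcontains $_.SamAccountName } |
        Select-Object $Properties
}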
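function Get-PasswordNeverExpires {
    <#
    .SYNOPSIS
        Returns user accounts flagged PasswordNeverExpires.
    .DESCRIPTION
        Such accounts are exempt from the domain's maximum password age; each one on
        the list needs a documented justification (service account, break-glass, ...).
        The filter runs server-side; exclusions are applied client-side.
    .PARAMETER ExcludeSamAccountName
        Exact SamAccountNames (case-insensitive) to drop from the result.
    .OUTPUTS
        One object per match with the columns listed in the script-scope $Properties.
    #>
    param(
        [string[]]$ExcludeSamAccountName = @('domainacct1$', '$domainacct2', 'domainacct3$')
    )
    Get-ADUser -Filter 'PasswordNeverExpires -eq $true' -Properties $Properties |
        Where-Object { $ExcludeSamAccountName -notcontains $_.SamAccountName } |
        Select-Object $Properties
}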
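function Get-LogonAge90 {
    <#
    .SYNOPSIS
        Returns user accounts that have not logged on within the given number of days.
    .DESCRIPTION
        Uses Search-ADAccount -AccountInactive, then re-reads each hit with Get-ADUser so
        the same $Properties columns are available as for the other checks (this costs
        one extra directory round-trip per stale account). The inactivity timestamp AD
        uses replicates lazily (on the order of a couple of weeks), so treat the window
        as approximate rather than exact.
    .PARAMETER Days
        Inactivity window in days. Defaults to 90 to match the function name and the
        "LogonAge90" category written to the CSV.
    .PARAMETER ExcludeSamAccountName
        Exact SamAccountNames (case-insensitive) to drop, e.g. krbtgt and known service accounts.
    .PARAMETER ExcludeDistinguishedNameLike
        -like patterns; a user whose DistinguishedName matches any of them is dropped.
    .OUTPUTS
        One object per match with the columns listed in the script-scope $Properties.
    #>
    param(
        [ValidateRange(1, [int]::MaxValue)]
        [int]$Days = 90,
        [string[]]$ExcludeSamAccountName = @('domainacct1$', '$domainacct2', 'domainacct3$', 'krbtgt'),
        [string[]]$ExcludeDistinguishedNameLike = @('*Mailbox*')
    )
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $Days) -UsersOnly |
        Where-Object {
            if ($ExcludeSamAccountName -contains $_.SamAccountName) { return $false }
            foreach ($pattern in $ExcludeDistinguishedNameLike) {
                if ($_.DistinguishedName -like $pattern) { return $false }
            }
            $true
        } |
        ForEach-Object { Get-ADUser -Identity $_.SamAccountName -Properties $Properties } |
        Select-Object $Properties
}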
<#
function Get-DescriptionFieldNotCompliant() {
$Description = @(<custom requirements>)
Get-Aduser -Filter {Description -NotLike $Description} -Properties $Properties | Select-Object $Properties
}
#>
#######################
### Maximum Effort! ###
#######################
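# Run every check up front and keep the results; memory is not a concern at this scale.
$AccountNeverExpires = Get-AccountNeverExpires
$ManagerNotSet = Get-ManagerNotSet
$PasswordNotRequired = Get-PasswordNotRequired
$PasswordNeverExpires = Get-PasswordNeverExpires
$LogonAge90 = Get-LogonAge90
#$DescriptionFieldNotCompliant = Get-DescriptionFieldNotCompliant

function ConvertTo-AuditRecord {
    <#
    .SYNOPSIS
        Flattens one AD user into a CSV row tagged with the check that flagged it.
    .PARAMETER Category
        Name of the check; becomes the Category column.
    .PARAMETER User
        AD user object from the pipeline. $null input is skipped: a check with zero hits
        yields $null, and piping $null into ForEach-Object still runs the block once, which
        is how the previous version emitted one phantom row (Category set, every other
        column blank) for each empty category.
    .OUTPUTS
        One [pscustomobject] per non-null input.
    #>
    param(
        [Parameter(Mandatory = $true)][string]$Category,
        [Parameter(ValueFromPipeline = $true)]$User
    )
    process {
        if ($null -eq $User) { return }
        # A [pscustomobject] cast of a hashtable literal keeps key order (PS 3.0+), so the
        # CSV header comes out in this order without a chain of Add-Member calls.
        [pscustomobject]@{
            Category               = $Category
            SamAccountName         = $User.SamAccountName
            DisplayName            = $User.DisplayName
            Description            = $User.Description
            Manager                = $User.Manager
            ObjectClass            = $User.ObjectClass
            LastLogonDate          = $User.LastLogonDate
            AccountExpirationDate  = $User.AccountExpirationDate
            PasswordNeverExpires   = $User.PasswordNeverExpires
            PasswordExpired        = $User.PasswordExpired
            PasswordNotRequired    = $User.PasswordNotRequired
            PasswordLastSet        = $User.PasswordLastSet
            SmartcardLogonRequired = $User.SmartcardLogonRequired
        }
    }
}

# One entry per check: the Category value written to the CSV, the progress label, and
# the result set collected above. Add a row here to wire in a new check.
$Checks = @(
    @{ Category = 'AccountNeverExpires';  Label = 'Account Never Expires';  Results = $AccountNeverExpires }
    @{ Category = 'ManagerNotSet';        Label = 'Manager Not Set';        Results = $ManagerNotSet }
    @{ Category = 'PasswordNotRequired';  Label = 'Password Not Required';  Results = $PasswordNotRequired }
    @{ Category = 'PasswordNeverExpires'; Label = 'Password Never Expires'; Results = $PasswordNeverExpires }
    @{ Category = 'LogonAge90';           Label = 'Logon Age > 90';         Results = $LogonAge90 }
    #@{ Category = 'DescriptionFieldNotCompliant'; Label = 'Description Field Not Compliant'; Results = $DescriptionFieldNotCompliant }
)

# @(...) so a single finding is still an array with a .Count; collecting pipeline output
# directly also avoids the O(n^2) "$array += $item" copy on every row.
$AuditExport = @(
    foreach ($check in $Checks) {
        Write-Host "Collecting information: $($check.Label)."
        $check.Results | ConvertTo-AuditRecord -Category $check.Category
    }
)

if ($AuditExport.Count -eq 0) {
    Write-Host "No findings in any category; nothing written to $Export"
} else {
    # -Encoding UTF8: Windows PowerShell's Export-Csv defaults to ASCII, which turns
    # non-ASCII characters in DisplayName/Description into '?'.
    $AuditExport | Export-Csv -NoTypeInformation -Encoding UTF8 -Path $Export
    Write-Host "Saved: $Export"
}
Clear-Variable -Name AuditExport,Checks,TimeStamp,Properties,AccountNeverExpires,ManagerNotSet,PasswordNotRequired,PasswordNeverExpires,LogonAge90,DescriptionFieldNotCompliant,Export,ExportDir -ErrorAction SilentlyContinue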