Using DSQUERY and DSMOD, and techniques from tip 8241 and tip 8244, I have scripted Inactive.bat to report all user accounts that have NOT logged on via any domain controller since a specified date. Inactive.bat can also  optionally disable these accounts.

The syntax for using Inactive.bat is:

Inactive YYYYMMDD \[/D\]

Where Inactive.bat will report all enabled accounts whose lastLogon date is earlier than YYYYMMDD, and /D is an optional parameter to disable these accounts.

Inactive.bat generates an Inactive.csv file, in the current directory, that contains the following information:

"distinguishedName","Last Log on YYYYMMDD","When Created YYYYMMDD","Was disabled Y or N"

where "Last Log on YYYYMMDD" can be "Never", and "Was disabled Y or N" will be a Y if the account was disabled when generating this Inactive.csv file. An entry in Inactive.csv might look like:

"CN=Test User,CN=Users,DC=JSIINC,DC=COM","20040113","20030427","N" NOTE: If a user has never logged on, their account will only be reported if it was created before YYYYMMDD.

NOTE: The Administrator and IWAM_%ComputerName% accounts are never disabled.

NOTE: Inactive.bat calls CvtFileTime.bat, which must be located in a folder that is in your PATH.

Inactive.bat contains:

@echo off
if \{%1\}<h1><a name="_echo_syntax_Inactive_YYYYMMDD_D_amp_goto_EOF_if_not_2_">\{\} @echo syntax: Inactive YYYYMMDD \[/D\]&goto :EOF
if not \{%2\}</a></h1>\{\} if /i \{%2\} NEQ \{/D\} @echo syntax: Inactive YYYYMMDD \[/D\]&goto :EOF
setlocal
if exist Inactive.csv del /q Inactive.csv
set work1=%1#
if "%work1:~8,1%" NEQ "#" @echo syntax: Inactive YYYYMMDD \[/D\]&endlocal&goto :EOF
set /a dte=%1
set Disable=N
if not \{%2\}==\{\} set Disable=%2
if exist Inactive.csv del /q Inactive.csv
for /f "Tokens=*" %%u in ('dsquery user domainroot -o DN -Limit 0') do (
 call :ina %%u
)
endlocal
goto :EOF
:ina
set usr=%1
set usr=%usr:"=%
set dis=N
for /f "Skip=1 Tokens=*" %%i in ('dsget user "%usr%" -disabled^|findstr /V /I /C:"dsget"') do (
 set dis=%%i
)
if /i "%dis:~0,3%" EQU "yes" goto :EOF
set dis=N
<font size="1">set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(distinguishedName=%usr%))" -attr lastLogon whenCreated</font>
set on=0
set whenymd=99999999
for /f "Tokens=*" %%s in ('dsquery server -O RDN') do (
 for /f "SKIP=1 Tokens=1-3" %%a in ('%qry% -s "%%s"') do (
  call :last %%a %%b
 )
)
Call CvtFileTime %on% DT
set /a work1=%DT:~6,4%%DT:~0,2%%DT:~3,2%
if "%DT%" EQU "Never" set work1=%whenymd%
if %work1% GEQ %dte% goto :EOF
if "%DT%" EQU "Never" set work1=Never
:test
if /i "%Disable%" NEQ "/D" goto report
call :disa>nul 2>&1
if ERRORLEVEL 0 goto report
@echo "%usr%" failed to disable.>>Inactive.csv
goto :EOF
:report
@echo "%usr%","%work1%","%whenymd%","%dis%">>Inactive.csv
goto :EOF
:disa
if /i "%usr:~0,16%" EQU "CN=Administrator" goto :EOF
if /i "%usr:~0,8%" EQU "CN=IWAM_" goto :EOF
dsmod user "%usr%" -disabled yes
if ERRORLEVEL 0 set dis=Y
goto :EOF
:last
set when=%2
set work1=%when:~6,4%%when:~0,2%%when:~3,2%
if "%work1%" LSS "%whenymd%" set whenymd=%work1%
if "%on%" LSS "%1" set on=%1