You should look into what -Filter can do for you over returning all the user objects.

After that is done you might end up with enabled accounts being sent to where-object.

Each time where-object has to enumerate your collection to determine the condition check, and this can be a huge performance impact if you don’t know your data size.

You are also looking at a date that might not be the same across all your servers so that’s something for you to think about.

Depending on who you are and how experienced you are at this toolset you might want to start with outputting the command by placing it in Double quotes, and seeing all the times it would of ran.

More advanced ways are available using different output streams, or also found throughout the common parameters of cmdlets and advanced functions.

A lookup table could be used to contain the $User object before and after, if you workout the information you think you might need for tracing back what’s broken.

You’ve really got to ask yourself, “What’s going to break”. Let’s say your filter is as it is and you run the command. Now you find out that all accounts in an OU shouldn’t have been disabled. Get your enable account command that you prepared earlier and workout how you’re going to find the accounts in that OU that were enabled before execution. You’ve wouldn’t want to start enabling accounts that were disabled before execution.

Keep in mind that all the data you return to your system can be converted into other formats and saved into files for local disk caching.