The purpose of this function is to find SQL Server logins that are used by Active Directory users that are either disabled or removed from the domain. It allows you to keep your logins accurate and up to date by removing accounts that are no longer needed.
To test all logins in the domain ran from (check $env:domain) that are either disabled or do not exist
Test-DbaValidLogin -SqlServer Dev01
To test all Active directory groups that have logins on Dev01 returning a detailed view.
Test-DbaValidLogin -SqlServer Dev01 -FilterBy GroupsOnly -Detailed
To test all logins excluding any that are from the subdomain.ad.localDomain
Test-DbaValidLogin -SqlServer Dev01 -ExcludeDomains subdomain.ad.local
This command was created by Stephen Bennett. You can find Stephen on his blog.