It has been a long time since my last update. I have been busy with Linux work recently, so PowerShell fell behind. Here is the script I use to organize Active Directory objects, cleaned up for your reference.
Requirements:
1. Move domain computers and users to the OU of their branch (each OU has a different Group Policy).
2. Delete users whose passwords expired more than one year ago.
3. Delete disabled accounts.
Keyword: Move-ADObject
Implementation: run periodically as a Windows scheduled task.
Post-maintenance: check the task's return value regularly.
<#
.NOTES
===========================================================================
 Created with: SAPIEN Technologies, Inc., PowerShell Studio 2014 v4.1.63
 Created on: 2014/9/4 10:10
 Created by: xing_ji
 Organization:
 Filename:
===========================================================================
.DESCRIPTION
 A description of the file.
#>
$host.UI.RawUI.WindowTitle = "Move-ADObject edit by xing_ji"
Import-Module ActiveDirectory

# Move computer objects
$userpath = 'ou=standard_computer,ou=cn_computer,dc=cn,dc=synnex-grp,dc=com'
$serverpath = 'ou=synnex_server,ou=cn_computer,dc=cn,dc=synnex-grp,dc=com'
$temppath = 'ou=temp,ou=standard_computer,ou=cn_computer,dc=cn,dc=synnex-grp,dc=com'
$allcomputer = Get-ADComputer -SearchBase 'CN=Computers,dc=cn,dc=synnex-grp,dc=com' -Filter *
foreach ($computer in $allcomputer) {
    # The company's standard computer name is four English letters + a 5-digit serial number
    if ($computer.Name -match "\d{5}$") {
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $userpath
    }
    # Servers end in three digits; exclude test hosts whose names contain "tes"
    elseif ($computer.Name -match "\d\d{2}$" -and $computer.Name -notlike "*tes*") {
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $serverpath
    }
    else {
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $temppath
    }
}

<#
Delete users whose passwords expired more than 300 days ago.
Deleting accounts is risky, so I commented this section out; uncomment it if you need it.
NOTE: the argument to AddDays is missing from the script as published.

# -Identity expects a sAMAccountName, DN, GUID or SID, so collect SamAccountName rather than Name
$disableusers = Get-ADUser -Filter 'passwordneverexpires -eq "false" -and enabled -eq "true"' | foreach { $_.SamAccountName }
foreach ($disableuser in $disableusers) {
    $passwordlastset = Get-ADUser -Identity $disableuser -Properties * | foreach { $_.passwordlastset }
    $pwdlastday = ($passwordlastset).AddDays()
    $now = Get-Date
    $expire_day = ($pwdlastday - $now).Days
    if ($expire_day -le -300) {
        Remove-ADUser -Identity $disableuser -Confirm:$false
    }
}
#>

# Delete disabled accounts. Remember to keep the built-in system accounts; I kept Guest, krbtgt and so on. Adjust to your needs.
#Get-ADUser -Filter 'enabled -eq "false" -and name -notlike "Guest" -and name -notlike "Smartit" -and name -notlike "Support_388945a0" -and name -notlike "krbtgt"' | Remove-ADUser

# Move AD users; a switch statement would make this clearer.
$cspath = 'ou=cs,ou=east,ou=synnex_user,ou=cn_user,dc=cn,dc=synnex-grp,dc=com'
$hfpath = 'ou=hf,ou=east,ou=synnex_user,ou=cn_user,dc=cn,dc=synnex-grp,dc=com'
$hzpath = 'ou=hz,ou=east,ou=synnex_user,ou=cn_user,dc=cn,dc=synnex-grp,dc=com'
$nbpath = 'ou=nb,ou=east,ou=synnex_user,ou=cn_user,dc=cn,dc=synnex-grp,dc=com'
$ncpath = 'ou=nc,ou=east,ou=synnex_user,ou=cn_user,dc=cn,dc=synnex-grp,dc=com'
$alluser = Get-ADUser -SearchBase 'ou=_adjust,ou=cn_user,dc=cn,dc=synnex-grp,dc=com' -Filter * -Properties *
foreach ($user in $alluser) {
    # The branch suffix in the display name decides the target OU
    if ($user.DisplayName -match '_cs') { Move-ADObject -Identity $user.DistinguishedName -TargetPath $cspath }
    elseif ($user.DisplayName -match '_hf') { Move-ADObject -Identity $user.DistinguishedName -TargetPath $hfpath }
    elseif ($user.DisplayName -match '_hz') { Move-ADObject -Identity $user.DistinguishedName -TargetPath $hzpath }
    elseif ($user.DisplayName -match '_nb') { Move-ADObject -Identity $user.DistinguishedName -TargetPath $nbpath }
    elseif ($user.DisplayName -match '_nc') { Move-ADObject -Identity $user.DistinguishedName -TargetPath $ncpath }
}
Add the script to a scheduled task, configured the way I set it up.
Points to note:
First, run the task as the SYSTEM account. If you use your own account and it is deleted after you leave the company, the scheduled task will no longer start.
Second, do not leave the script completely unattended once it is deployed: periodically check the task's return value to confirm that it succeeded, or manually check that the objects are in the correct location.
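An added example, not part of the original script: the computer-routing rules from the script above wrapped in a function that can be checked against constructed names, with the moves run as a dry run unless -Apply is given and a non-zero exit code on any failed move, so the task's return value reflects what happened. The -Apply switch, the Get-TargetOU name and the sample computer names are assumptions made for illustration.

```powershell
# Added example (not the original author's code). -Apply and Get-TargetOU are hypothetical names.
param([switch]$Apply)              # without -Apply every move runs with -WhatIf
$ErrorActionPreference = 'Stop'    # an unhandled error ends the script with a non-zero exit code

$userpath   = 'ou=standard_computer,ou=cn_computer,dc=cn,dc=synnex-grp,dc=com'
$serverpath = 'ou=synnex_server,ou=cn_computer,dc=cn,dc=synnex-grp,dc=com'
$temppath   = 'ou=temp,ou=standard_computer,ou=cn_computer,dc=cn,dc=synnex-grp,dc=com'

function Get-TargetOU {
    param([string]$Name)
    # Same patterns and order as the script above; "tes" is only tested in the server branch
    if ($Name -match '\d{5}$') { return $userpath }
    elseif ($Name -match '\d\d{2}$' -and $Name -notlike '*tes*') { return $serverpath }
    else { return $temppath }
}

if (-not $Apply) {
    # Constructed names: review where each rule sends them before touching the directory
    foreach ($n in 'ABCD00123', 'FILESRV012', 'TESSRV001', 'TEST00001', 'LAPTOP-X') {
        '{0,-12} -> {1}' -f $n, (Get-TargetOU $n)
    }
}

Import-Module ActiveDirectory
$failed = 0
$computers = Get-ADComputer -SearchBase 'CN=Computers,dc=cn,dc=synnex-grp,dc=com' -Filter *
foreach ($computer in $computers) {
    $target = Get-TargetOU $computer.Name
    try {
        # In dry-run mode the cmdlet only reports what it would do
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $target -WhatIf:(-not $Apply)
    }
    catch {
        $failed++
        Write-Warning "Move failed for $($computer.Name): $($_.Exception.Message)"
    }
}
# The exit code of powershell.exe becomes the task's last run result
if ($failed -gt 0) { exit 1 }
exit 0
```

This assumes the task action starts the script with powershell.exe -File, which passes the script's exit code through as the task result.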
[Screenshots: qq20141127105735.jpg, qq20141127105750.jpg, qq20141127105813.jpg]
It has been running for almost half a year without problems. I am sharing it with everyone; it is most useful for large organizations, and it has saved me a lot of time. I hope it helps you.
This article is from the "Talk" blog; please be sure to keep this source: http://jixing.blog.51cto.com/821242/1583111
Automating the management of objects in Active Directory