Get AD Computer Account.ps1
The following script finds computer accounts that have not logged on for more than 90 days and moves them into an OU; the same query can also be combined with disabling or deleting the accounts:
# Gets time stamps for all computers in the domain that have not logged in since the specified date. Mod by tilo 2013-08-27
Import-Module ActiveDirectory
$domain = "Domain.mydom.com"
$DaysInactive = 90
$time = (Get-Date).AddDays(-($DaysInactive))
# Get all AD computers with lastLogonTimestamp less than our time
Get-ADComputer -SearchBase "ou=computer_ou,dc=devin,dc=com" -Filter {lastLogonTimestamp -lt $time} -Properties lastLogonTimestamp | Move-ADObject -TargetPath "ou=test,dc=devin,dc=com"
The following commands are frequently used and can be run separately; they cover deleting, disabling and moving accounts after a query.
Other ways to solve the problem:
-----------------------------------------------
# This PowerShell command will query Active Directory and return the computer accounts which have not logged on for the past 60 days.
# You can easily change the number of days to a number of your choosing. LastLogonDate is a human-readable conversion of the
# lastLogonTimestamp (as far as I am able to discern). More details about the timestamp can
# be found at TechNet - http://bit.ly/ypgwxj -- mwt, 03/12/13
$then = (Get-Date).AddDays(-60)
# The number of days from today since the last logon.
Get-ADComputer -Property Name,LastLogonDate -Filter {LastLogonDate -lt $then} | FT Name,LastLogonDate
# If you would like to disable these computer accounts, uncomment the following line:
# Get-ADComputer -Property Name,LastLogonDate -Filter {LastLogonDate -lt $then} | Set-ADComputer -Enabled $false
# If you would like to remove these computer accounts, uncomment the following line:
# Get-ADComputer -Property Name,LastLogonDate -Filter {LastLogonDate -lt $then} | Remove-ADComputer
# If you would like to move these computer accounts to an OU, uncomment the following line:
# Get-ADComputer -Property Name,LastLogonDate -Filter {LastLogonDate -lt $then} | Move-ADObject -TargetPath "ou=test,dc=devin,dc=com"
# PS. The search scope can be restricted by adding -SearchBase; the command is:
Get-ADComputer -SearchBase "ou=computer_ou,dc=devin,dc=com" -Property Name,LastLogonDate -Filter {LastLogonDate -lt $then} | Move-ADObject -TargetPath "ou=test,dc=devin,dc=com"
Query disabled computer accounts:
Method 1:
# Only disabled computer accounts
Get-QADComputer -LdapFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)'
# Only enabled computer accounts
Get-QADComputer -LdapFilter '(!(userAccountControl:1.2.840.113556.1.4.803:=2))'
Method 2:
dsquery computer -disabled -limit 0
dsquery computer -disabled -limit 0 | dsrm -noprompt
A slightly more complex alternative is to use the Get-QAD cmdlets:
Query the computers and move them to an OU:
# Set the date to be used as a limit - in this example: 120 days earlier than the current date
$old = (Get-Date).AddDays(-120)
# Get the list of computers with the date earlier than this date
Get-QADComputer -IncludedProperties pwdLastSet -SizeLimit 0 | where { $_.pwdLastSet -le $old }
# Get a CSV report
Get-QADComputer -IncludedProperties pwdLastSet -SizeLimit 0 | where { $_.pwdLastSet -le $old } | Select-Object Name, ParentContainer, Description, pwdLastSet | Export-Csv c:\temp\outdated.csv
# Move such computers to another OU
Get-QADComputer -IncludedProperties pwdLastSet -SizeLimit 0 | where { $_.pwdLastSet -le $old } | Move-QADObject -To My.corp/obsolete
# Remove the computer records from AD (since this actually deletes the records, it is preferable to run the command with the -WhatIf switch before running without it)
Get-QADComputer -IncludedProperties pwdLastSet -SizeLimit 0 | where { $_.pwdLastSet -le $old } | Remove-QADObject
Comment #1 - Use -SizeLimit 0 to remove the default limit on the number of objects retrieved.
Comment #2 - Select the columns needed in the report with the Select-Object cmdlet.
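An added example, not part of the original post: it combines the two staleness signals used above (last logon and pwdLastSet) with the ActiveDirectory module, writes a report first, and only previews the disable-and-move step through -WhatIf. The function names and the CSV path are assumptions; the OU paths are the post's sample values.

```powershell
# Added example, not from the original post. OU paths are the post's sample values.
Import-Module ActiveDirectory

function Get-StaleComputer {                       # hypothetical helper name
    param(
        [string]$SearchBase = 'ou=computer_ou,dc=devin,dc=com',
        # lastLogonTimestamp is only refreshed about every 14 days by default,
        # so keep the threshold well above that.
        [int]$DaysInactive = 90
    )
    $cutoff = (Get-Date).AddDays(-$DaysInactive)
    $props  = 'LastLogonDate', 'PasswordLastSet', 'whenCreated'
    Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' -Properties $props |
        Where-Object {
            # Accounts that never logged on have no LastLogonDate; age them by creation time.
            $lastSeen = if ($_.LastLogonDate) { $_.LastLogonDate } else { $_.whenCreated }
            # Require the machine password to be old as well: a live domain member
            # normally renews it on its own (every 30 days by default).
            $pwdOld = (-not $_.PasswordLastSet) -or ($_.PasswordLastSet -lt $cutoff)
            ($lastSeen -lt $cutoff) -and $pwdOld
        }
}

function Disable-StaleComputer {                   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [string]$TargetPath = 'ou=test,dc=devin,dc=com'
    )
    process {
        $dn = $Computer.DistinguishedName
        if ($PSCmdlet.ShouldProcess($dn, 'Disable and move to quarantine OU')) {
            # Disable first; deletion can follow later if nobody reports a problem.
            Set-ADComputer -Identity $dn -Enabled $false
            Move-ADObject  -Identity $dn -TargetPath $TargetPath
        }
    }
}

# 1. Report: keeps the original DN of every account so a move can be reverted.
$stale = @(Get-StaleComputer)
$stale | Select-Object Name, DistinguishedName, LastLogonDate, PasswordLastSet |
    Export-Csv -Path .\stale-computers.csv -NoTypeInformation   # assumed output path

# 2. Preview only. Drop -WhatIf after reviewing the CSV; each change then asks for confirmation.
$stale | Disable-StaleComputer -WhatIf
```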
P.S. For the Get-QADComputer command, please refer to the following article:
http://www.powershelladmin.com/wiki/Quest_activeroles
Download the 64-bit or 32-bit version according to your system and install it. After that, open a PowerShell window and run the Add-PSSnapin Quest.ActiveRoles.ADManagement command to import the Get-QADComputer related module.
For reference only. If there is any problem, you can send me a message or leave me a comment.
Thank you
This article is from the "Sulan Network" blog, so be sure to keep this source http://zhangfang526.blog.51cto.com/8588740/1719297