dannytveria (Brass Contributor)
Aug 26, 2021
Disable and removal of Computer accounts
Hi,
I made a script to disable old computer accounts.
My Sysadmin asked me to disable after 180 days and remove them after a year.
My goal is to disable computer accounts after 180 days and export to CSV
then delete computer accounts after 356 days and export to CSV.
```powershell
Import-Module ActiveDirectory

# Set the parameters: days since last logon, and the report path
$DaysInactive = 180
$InactiveDate = (Get-Date).AddDays(-($DaysInactive))
$ForDisableLog = "C:\scripts\ComputerAccounts\Logs\For_Disable$((Get-Date).ToString('dd-MM-yyyy')).csv"

#-------------------------------
# FIND INACTIVE COMPUTERS
#-------------------------------
# Automated way (includes never logged on computers)
# Each Where-Object drops one container that must be left alone
$Computers_For_Disable = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff,DC=local" |
    Where-Object {$_.distinguishedname -notlike "*,OU=Servers,*"} |
    Where-Object {$_.distinguishedname -notlike "*,OU=Test,*"} |
    Where-Object {$_.distinguishedname -notlike "*,OU=IT,*"} |
    Where-Object {$_.distinguishedname -notlike "*,OU=Laptops,*"} |
    Where-Object {$_.distinguishedname -notlike "*,CN=Computers,*"} |
    Select-Object Name, LastLogonDate, Enabled, DistinguishedName

#-------------------------------
# REPORTING
#-------------------------------
# Export results to CSV
$Computers_For_Disable | Export-Csv $ForDisableLog -NoTypeInformation -Encoding UTF8
```
- farismalaeb (Steel Contributor): Do you have any question or are you just sharing the script?
- dannytveria (Brass Contributor): Yes,
I am trying to disable the computer accounts that have not logged on for 180 days, and export them to a CSV file.
Also, I want to delete the computer accounts that have not logged on for 365 days, and export them as well.
- farismalaeb (Steel Contributor):
I wrote a quick script to do what you need, but please note:
this script will REMOVE and DISABLE ADComputer accounts, so test it first and make sure it's doing what you need before applying it to production.
So the only thing you need to change is the last line,
Get-BadPC -Days 180 -Action Disable
Days = whatever number of days
and Action = whether you want to delete or disable.
```powershell
function Get-BadPC {
    param(
        [parameter(mandatory=$true)]$Days,
        [parameter(mandatory=$true)]
        [ValidateSet('Delete','Disable')]$Action
    )

    $InactiveDate = (Get-Date).AddDays(-($Days))

    # Exclude the protected containers. The tests are joined with -and:
    # with -or the filter is always true and nothing would be excluded.
    $Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=Test,DC=local" |
        Where-Object {
            ($_.distinguishedname -notlike "*,OU=Servers,*") -and
            ($_.distinguishedname -notlike "*,OU=Test,*") -and
            ($_.distinguishedname -notlike "*,OU=IT,*") -and
            ($_.distinguishedname -notlike "*,OU=Laptops,*") -and
            ($_.distinguishedname -notlike "*,CN=Computers,*")
        }

    # Write the report before changing anything
    $Computers_For_Action | Export-Csv "C:\Users\Administrator\Downloads\$($Action)-$((Get-Date).ToString('dd-MM-yyyy')).csv" -NoTypeInformation -Encoding UTF8

    switch ($Action) {
        Disable { $Computers_For_Action | Disable-ADAccount }
        Delete  { $Computers_For_Action | Remove-ADComputer -Confirm:$False }
    }
}

Get-BadPC -Days 180 -Action Disable
```
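An added example, not part of the thread or either poster's code: the two stages from the original question (disable at 180 days, delete at 365) in one function that supports `-WhatIf` and only deletes accounts that are already disabled. The function name `Invoke-StaleComputerCleanup`, its parameter names and the `For_Delete` report name are assumptions; the search base, log folder and excluded containers are taken from the first post.

```powershell
# Added example, not code from the thread. Invoke-StaleComputerCleanup and its
# parameter names are hypothetical; paths and DNs come from the original post.
Import-Module ActiveDirectory

function Invoke-StaleComputerCleanup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$DisableAfterDays = 180,
        [int]$DeleteAfterDays  = 365,
        [string]$SearchBase    = 'DC=staff,DC=local',
        [string]$LogDir        = 'C:\scripts\ComputerAccounts\Logs',
        # Containers that must never be touched
        [string[]]$ExcludePattern = @('*,OU=Servers,*', '*,OU=Test,*', '*,OU=IT,*',
                                      '*,OU=Laptops,*', '*,CN=Computers,*')
    )
    $stamp        = (Get-Date).ToString('dd-MM-yyyy')
    $inactiveDate = (Get-Date).AddDays(-$DisableAfterDays)
    $stale = Search-ADAccount -AccountInactive -DateTime $inactiveDate -ComputersOnly -SearchBase $SearchBase |
        Where-Object {
            $dn = $_.DistinguishedName
            # Keep the account only if its DN matches none of the excluded containers
            -not ($ExcludePattern | Where-Object { $dn -like $_ })
        }

    $deleteDate = (Get-Date).AddDays(-$DeleteAfterDays)
    # Delete only accounts that are already disabled and have a recorded logon older
    # than the limit; never-logged-on accounts (empty LastLogonDate) are not deleted.
    $toDelete  = @($stale | Where-Object { -not $_.Enabled -and $_.LastLogonDate -and $_.LastLogonDate -lt $deleteDate })
    $toDisable = @($stale | Where-Object { $_.Enabled })

    $cols = 'Name', 'LastLogonDate', 'Enabled', 'DistinguishedName'
    # -WhatIf:$false so the reports are still written during a dry run
    $toDisable | Select-Object $cols | Export-Csv "$LogDir\For_Disable$stamp.csv" -NoTypeInformation -Encoding UTF8 -WhatIf:$false
    $toDelete  | Select-Object $cols | Export-Csv "$LogDir\For_Delete$stamp.csv"  -NoTypeInformation -Encoding UTF8 -WhatIf:$false

    foreach ($c in $toDisable) {
        if ($PSCmdlet.ShouldProcess($c.DistinguishedName, 'Disable computer account')) {
            Disable-ADAccount -Identity $c.DistinguishedName
        }
    }
    foreach ($c in $toDelete) {
        if ($PSCmdlet.ShouldProcess($c.DistinguishedName, 'Remove computer account')) {
            Remove-ADComputer -Identity $c.DistinguishedName -Confirm:$false
        }
    }
}

# Dry run: writes both CSV reports and lists what would change, modifies nothing
Invoke-StaleComputerCleanup -WhatIf
```

Review the two CSV files from the dry run, then run the function without `-WhatIf` to apply the changes.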