NBquery
asked on
Need script to move Workstations in AD
Hi All,
We have many PC's in 'Workstations' container in AD that no longer exist. This is due to poor house cleaning on our part and now we need to move them to the 'Disabled Workstations' OU. Is there a way to automate the process to move a PC based on the last time the object was modified in AD (which is the same as the machine last logon to the domain)? I want to move any workstation that has not logged into the domain 60 days or older. If so, is it possible to set this on a schedule?
Thanks guys!!
We have many PC's in 'Workstations' container in AD that no longer exist. This is due to poor house cleaning on our part and now we need to move them to the 'Disabled Workstations' OU. Is there a way to automate the process to move a PC based on the last time the object was modified in AD (which is the same as the machine last logon to the domain)? I want to move any workstation that has not logged into the domain 60 days or older. If so, is it possible to set this on a schedule?
Thanks guys!!
Sorry I didn't read the not logged in for 60 days. That may be a switch on the dsquery computer command. I'll look into it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks mkline71 & ngailfus...
Now to get greedy....sorry I didn't mention it in the OP, but I would like the scan to move the pc's into the disabled OU and then disable them at the same time. Would that be possible?
We have many workstation OUs at our company, one for each site. Can I have it scan a specified list of OU's?
Now to get greedy....sorry I didn't mention it in the OP, but I would like the scan to move the pc's into the disabled OU and then disable them at the same time. Would that be possible?
We have many workstation OUs at our company, one for each site. Can I have it scan a specified list of OU's?
You can use dsmod computer with a -disabled yes switch to disable all the computers in your disabled workstations OU after you move them.
dsmod computer "OU=Disabled Workstations, DC=YourDomain,DC=YourSuffi
This should disable all the computer objects within that OU.
dsmod computer "OU=Disabled Workstations, DC=YourDomain,DC=YourSuffi
This should disable all the computer objects within that OU.
ASKER
ngailfus,
I think I'm going to try the OldCmp tool. Anyidea if 'dsmod computer "OU=Disabled Workstations, DC=YourDomain,DC=YourSuffi
What about other sites Workstation OU? Do we have to run the utility seperatly for each site Workstation OU>Disabled Workstations OU?
I think I'm going to try the OldCmp tool. Anyidea if 'dsmod computer "OU=Disabled Workstations, DC=YourDomain,DC=YourSuffi
What about other sites Workstation OU? Do we have to run the utility seperatly for each site Workstation OU>Disabled Workstations OU?
with oldcmp you can disable in step 1 then move them in step 2, I haven't tried the combo
First disable
oldcmp -age 60 -disable -forreal
then move (will only move disabled acounts)
oldcmp -move -newparent "ou=disabled workstations,dc=yourdomain
You can use the -b switch and then specify the DN of your OU but you can't put multiple OUs there because an LDAP search can have only a single base.
As a side note before disabling anything I'd first just use oldcmp to run a report. Then you will know what will be disabled just in case there are some PCs you don't want disabled.
Thanks
Mike
First disable
oldcmp -age 60 -disable -forreal
then move (will only move disabled acounts)
oldcmp -move -newparent "ou=disabled workstations,dc=yourdomain
You can use the -b switch and then specify the DN of your OU but you can't put multiple OUs there because an LDAP search can have only a single base.
As a side note before disabling anything I'd first just use oldcmp to run a report. Then you will know what will be disabled just in case there are some PCs you don't want disabled.
Thanks
Mike
dsquery computer "ou=Workstations,dc=YourDo
If you have nested OUs you will have to list them all from the inside out. For example, ou=Workstations,ou=Systems