Powershell help - tombstoned computer script
I've created a script for disabling and moving a specific computer account to the disable workstations OU. Now I'm trying to adapt it to disable/move many results at once. Here's the single user script:
Now here's what I've got for the multiple:
Now my hangup is line 14, it seems that I cannot '-Searchroot' and '-InactiveFor' in the same command. How can I search a specific OU by the InactiveFor variable?
$Computer = Read-Host "Enter the host name"
$time = Read-Host "Enter InactiveFor time in days"
# Disabling and moving computer accounts to Disabled Workstation OU
Get-QADComputer $Computer -InactiveFor $time
Read-Host "Ok to continue?"
$x = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
Set-QADComputer $Computer -Description "Disabled on $(Get-Date)"
# Disable the account
Disable-QADComputer $Computer
# Move the account
Move-QADObject $Computer -NewParentContainer "domain.name/disabled workstations"
"Accounts disabled, moved and password changed"
"Have a nice day"Now here's what I've got for the multiple:
# Establish AD session as Admin
connect-QADService -credential $cred
#Disabling and moving ALL computer accounts older than X days
#In the MS workstation OU
# $Computer = Read-Host "Enter the host name"
$time = Read-Host "Enter InactiveFor time in days"
# Disabling and moving computer accounts to Disabled Workstation OU
Get-QADComputer -SearchRoot 'domain.name/machines/workstations/ms' -InactiveFor $time
Read-Host "Ok to continue?"
$x = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
Set-QADComputer -SearchRoot 'domain.name/machines/workstations/ms' -Inactivefor $time -Description "Disabled on $(Get-Date)"
# Disable the account
Disable-QADComputer $Computer
# Move the account
Move-QADObject $Computer -NewParentContainer "domain.name/disabled workstations"
"Accounts disabled, moved and password changed"
"Have a nice day"Now my hangup is line 14, it seems that I cannot '-Searchroot' and '-InactiveFor' in the same command. How can I search a specific OU by the InactiveFor variable?
ASKER
Well I had assumed it was the correct syntax since the full command minus the "-Inactivefor $time" returns computer names from the right OU. Lets see what your suggestion does.
ASKER
No go..
Your suggestion:
PS C:\Users\bhart.DIFC\Desktop> set-QADComputer -SearchRoot 'domain.name/machines/workstations/ms' -inactivefor 120 -Description "Disabled on $(Get-Date)"
Set-QADComputer : A parameter cannot be found that matches parameter name 'SearchRoot'.
At line:1 char:28
+ set-QADComputer -SearchRoot <<<< 'domain.name/machines/workstations/ms' -inactivefor 120 -Description "Disabled on $(Get-Date)"
+ CategoryInfo : InvalidArgument: (:) [Set-QADComputer], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetComputerCmdlet
Your suggestion:
Set-QADComputer : A parameter cannot be found that matches parameter name 'SearchRoot'.
At line:1 char:28
+ set-QADComputer -SearchRoot <<<< "ou=ms,ou=workstations,ou=machines,dc=extension,dc=sub,dc=domain" -inactivefor 120 -Description "Disabled on $(Get-D
ate)"
+ CategoryInfo : InvalidArgument: (:) [Set-QADComputer], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetComputerCmdletASKER
Damn I wish there was an edit button
PS C:\Users\bhart.DIFC\Desktop> set-QADComputer -SearchRoot "ou=ms,ou=workstations,ou=machines,dc=org,dc=root01,dc=difc" -inactivefor 120 -Description "Disabled on $(Get-Date)"
Set-QADComputer : A parameter cannot be found that matches parameter name 'SearchRoot'.
At line:1 char:28
+ set-QADComputer -SearchRoot <<<< "ou=ms,ou=workstations,ou=machines,dc=org,dc=root01,dc=difc" -inactivefor 120 -Description "Disabled on $(Get-D
ate)"
+ CategoryInfo : InvalidArgument: (:) [Set-QADComputer], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetComputerCmdletASKER
I may have discovered my problem.. apparently '-InactiveFor' is not a valid option for 'Set-QADComputer' but only for 'Get-QADComputer'. Hmm now my idea in its present form is shot. I know the results from a Get command would be saved in memory but how can I access and run a Set command against the contents in memory? Like if I 'get-qadcomputer -searchroot "blah/blah"' then how could I run another filtering command like 'get-qadcomputer -inactivefor' against the results of the previous command?
Oh it won't work for "Set-QADComputer"... Only "Get".
You can do this:
$Computers = Get-QADComputer -SearchRoot 'domain.name/machines/work
"Found $(Computers.count) to disable..."
Read-Host "Ok to continue?"
$x = $Host.UI.RawUI.ReadKey("No
foreach ($Computer in $Computers){
Set-QADComputer $Computer -Description "Disabled on $(Get-Date)"
# Disable the account
Disable-QADComputer $Computer
# Move the account
Move-QADObject $Computer -NewParentContainer "domain.name/disabled workstations"
}
"Computers disabled, moved and description changed"
"Have a nice day"
Pause
You can do this:
$Computers = Get-QADComputer -SearchRoot 'domain.name/machines/work
"Found $(Computers.count) to disable..."
Read-Host "Ok to continue?"
$x = $Host.UI.RawUI.ReadKey("No
foreach ($Computer in $Computers){
Set-QADComputer $Computer -Description "Disabled on $(Get-Date)"
# Disable the account
Disable-QADComputer $Computer
# Move the account
Move-QADObject $Computer -NewParentContainer "domain.name/disabled workstations"
}
"Computers disabled, moved and description changed"
"Have a nice day"
Pause
ASKER
Ran this, first error noted in console below:
Then it appears to not like the OK to continue box, which is probably my choice of bad script.
The term 'Computers.count' is not recognized as the name of a cmdlet, function, script file, or operable program
. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\bhart.DIFC\AppData\Local\Temp\fedf1302-e1f7-4ece-9666-0c29c845fdb8.ps1:11 char:16
+ Computers.count <<<<
+ CategoryInfo : ObjectNotFound: (Computers.count:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundExceptionThen it appears to not like the OK to continue box, which is probably my choice of bad script.
Read-Host : An error of type "System.Management.Automation.Host.PromptingException" has occurred.
At C:\Users\bhart.DIFC\AppData\Local\Temp\fedf1302-e1f7-4ece-9666-0c29c845fdb8.ps1:12 char:10
+ Read-Host <<<< "Ok to continue?"
+ CategoryInfo : ResourceUnavailable: (:) [Read-Host], PromptingException
+ FullyQualifiedErrorId : System.Management.Automation.Host.PromptingException,Microsoft.PowerShell.Command
s.ReadHostCommand
Exception calling "ReadKey" with "1" argument(s): "The method or operation is not implemented."
At C:\Users\bhart.DIFC\AppData\Local\Temp\fedf1302-e1f7-4ece-9666-0c29c845fdb8.ps1:13 char:28
+ $x = $Host.UI.RawUI.ReadKey <<<< ("NoEcho,IncludeKeyDown")
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
You should change your line 14 to:
Get-QADComputer -SearchRoot 'domain.name/machines/workstations/ms' -Inactivefor $time | Set-QADComputer -Description "Disabled on $(Get-Date)"ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Exactly what I needed.. you guys rock!
Try:
-searchroot "ou=ms,ou=workstations,ou=
I haven't tested this since I'm not at work.
HTH,
Dale Harris