Carl Billington
asked on
Help with existing Quest ActiveRoles ADManagement Powershell Script
Current script:
The -InactiveFor 90 function is not working. Do you know why?
Get-ADComputer -Filter * -Properties memberof | ? { ($_.memberof | Out-String) -notmatch 'Inactive Computers Policy Exclusion'} | Where-Object { -InactiveFor 90 }
The -InactiveFor 90 function is not working. Do you know why?
ASKER
I am already using Quest
ASKER
And it's not working.
I just used this and it worked for me:
Import-Module ActiveDirectory
Import-Module (get-pssnapin Quest.ActiveRoles.ADManage ment -Registered).ModuleName
Get-QADComputer -InactiveFor 90 | Select-Object -Expand memberof | Where-Object { $_ -notmatch 'value' }
Import-Module ActiveDirectory
Import-Module (get-pssnapin Quest.ActiveRoles.ADManage
Get-QADComputer -InactiveFor 90 | Select-Object -Expand memberof | Where-Object { $_ -notmatch 'value' }
ASKER
This command lists hundreds of results:
Get-QADComputer -InactiveFor 90
This command lists two results:
Get-QADComputer -InactiveFor 90 | Select-Object -Expand memberof | Where-Object { $_ -notmatch 'Inactive Computers Policy Exclusion' }
There are only two computers in the security group 'Inactive Computers Policy Exclusion'.
Doesn't make sense.
Get-QADComputer -InactiveFor 90
This command lists two results:
Get-QADComputer -InactiveFor 90 | Select-Object -Expand memberof | Where-Object { $_ -notmatch 'Inactive Computers Policy Exclusion' }
There are only two computers in the security group 'Inactive Computers Policy Exclusion'.
Doesn't make sense.
This will help you find exactly what you are looking for:
http://dmitrysotnikov.wordpress.com/2010/07/30/locating-obsolete-users-and-computers/
inactivefor might not be the flag you need but rather:
NotLoggedOnFor
http://dmitrysotnikov.wordpress.com/2010/07/30/locating-obsolete-users-and-computers/
inactivefor might not be the flag you need but rather:
NotLoggedOnFor
Another little nugget on the flags you can use with Quest:
http://wiki.powergui.org/index.php/Get-QADComputer
http://wiki.powergui.org/index.php/Get-QADComputer
ASKER
Umm "InactiveFor" is the command I want to use.
Wonder why it's working for you and not me.
Wonder why it's working for you and not me.
Try usng this script to do what you want:
http://gallery.technet.microsoft.com/ScriptCenter/6b8163d1-5fae-43b5-a664-a2d1f6e1e2da/
I am talking to a few folks and we all agree there is no "simple and safe" way to do this so please approach with an abundance of caution.
http://gallery.technet.microsoft.com/ScriptCenter/6b8163d1-5fae-43b5-a664-a2d1f6e1e2da/
I am talking to a few folks and we all agree there is no "simple and safe" way to do this so please approach with an abundance of caution.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Problem solved.
Get-Adcomputer - Microsoft AD cmdlet (NO Inactive flag available here)
Get-QADComputer - Quest cmdlet (Inactive for is available here)
http://www.quest.com/powershell/activeroles-server.aspx
Once you download and install the cmdlets above this will work for you.