[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 283
  • Last Modified:

Removing old computer accounts across several domains

Hello all,

I need to either find a tool (such as ADtidy or oldcomp) or write a powershell script that will allow me to identify and then delete (as required) computer accounts that have not logged into the domain over a given time period.  The real challenge is I need to be able to check across several domains.

I'm using the following powershell script as a basis but this only references one domain:
(Thanks Matt Vogt)

$time = Read-host
$time = get-date ($time) $date = get-date ($time) -UFormat %d.%m.%y
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp
select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv .all_old_computers_timestamps

My scripting skills are very rusty so need some help!

Good luck!
0
johnp3472
Asked:
johnp3472
  • 3
  • 2
2 Solutions
 
Felix LevenSenior System and DatabaseadministratorCommented:
I still prefer to do this with the Quest AD cmdlets:

Import the Module:
Add-PSSnapin Quest.ActiveRoles.ADManagement

Open in new window


the cmdlet Get-QADComputer can search for inactive or password not chaged accounts.

Get-QADComputer -Inactive

Open in new window

and
Get-QADComputer -PasswordNotChangedFor

Open in new window


you can connect to different domaints as well:

connect-QADService -Service 'server.domian.local:389'

Open in new window

0
 
footechCommented:
I'm assuming you mean all domains are in the same forest.  So really you just need to direct your queries to a DC in each domain using the -server parameter (depending on what you want to do, sometimes you can use a single global catalog instead).  You may also want to look at using the Search-ADAccount cmdlet as it has a -AccountInactive parameter.
$srvs = (Get-ADForest).domains | ForEach { (Get-ADDomain $_).PDCEmulator }
foreach ($srv in $srvs)
{
   #code here
}

Open in new window

0
 
johnp3472Author Commented:
Thanks for the comments so far guys!  Yes footech, they are all in the same forest.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
footechCommented:
Did that give you the info you needed or are you still facing issues?
0
 
johnp3472Author Commented:
Footech,  I still need to set up a clone of one of our DC's.  Until I've done that, I wont be able to test the script.  Occured to me though that I will need some way to authenticate across the domains!  I think I have the required commands.....  Thanks for checking back!  And now it seems my mobo does not support 64bit architecture.  Now waiting for a new 64bit desktop to arrive!
0
 
johnp3472Author Commented:
Got everything up and running.  Many thanks to you both MrGraves and Footech.  I am going to go split the points as both were helpful!  Have a great christmas guys!
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now