Complex AD script for stale computer accounts
I am known as 'the PowerShell' guy at work, mainly because I have begun studying and know a little bit about PowerShell and nobody else does. Normally, I will research and write my own PS scripts, but I may be in over my head on this one and with a Monday deadline, I would appreciate any help I can get.
We have inherited a real Active Directory mess, and the stale computers in AD are really messing with our SCCM, licensing, and security reports.
The plan is for me to provide a script that will:
Disable and move workstation accounts that have not been online for 60 days to a Disabled Workstations OU for holding - then LOG at least the computer name
Delete those accounts in the Disabled Workstations OU after 30 days - then LOG at least the computer name
I'm not sure what they mean by log, but I imagine an Excel spreadsheet would do, at least in the short term. I can research in the future what other attributes can be added to entries in the log
MGMT wants a lot more added to the script in the future to make it more granular, and I imagine that it will be getting rather large over the next few weeks, but those 2 actions are required by Monday (or Maybe Tuesday if I grovel). I am really excited about the long-term project, this should be really informative.
The worst part about the timing of this is that I will be in a wedding party all day today, and won't have much free time this weekend...
----
I have a few lines of code:
$disacct = (Get-Date).AddDays(-60)
$delacct = (Get-Date).AddDays(-30)
# For disabling the account:
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $disacct} | Set-ADComputer -Enabled $false
#not sure about the correct syntax to add the move to different OU
--
# For deleting the account:
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $delacct} | Remove-ADComputer
----
Once again, any assistance is sincerely appreciated. I know that I am asking a lot here.
We have inherited a real Active Directory mess, and the stale computers in AD are really messing with our SCCM, licensing, and security reports.
The plan is for me to provide a script that will:
Disable and move workstation accounts that have not been online for 60 days to a Disabled Workstations OU for holding - then LOG at least the computer name
Delete those accounts in the Disabled Workstations OU after 30 days - then LOG at least the computer name
I'm not sure what they mean by log, but I imagine an Excel spreadsheet would do, at least in the short term. I can research in the future what other attributes can be added to entries in the log
MGMT wants a lot more added to the script in the future to make it more granular, and I imagine that it will be getting rather large over the next few weeks, but those 2 actions are required by Monday (or Maybe Tuesday if I grovel). I am really excited about the long-term project, this should be really informative.
The worst part about the timing of this is that I will be in a wedding party all day today, and won't have much free time this weekend...
----
I have a few lines of code:
$disacct = (Get-Date).AddDays(-60)
$delacct = (Get-Date).AddDays(-30)
# For disabling the account:
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $disacct} | Set-ADComputer -Enabled $false
#not sure about the correct syntax to add the move to different OU
--
# For deleting the account:
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $delacct} | Remove-ADComputer
----
Once again, any assistance is sincerely appreciated. I know that I am asking a lot here.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER