TheScarfedOne
Spring Cleaning your AD
by , 24th February 2011 at 02:35 PM (2942 Views)
That time of year again (well - for us anyway), after doing a load of machine rebuilds - and name changes etc - your AD may look a bit cluttered. Even more so as we moved from using RIS (groan - old tech alert) to SCCM...
So - rather than resurrect some old threads, here is a collection of highly useful powershell scripts to hunt out those old computers and remove them or move them to another OU so you can spot them all together.
Credit to original posters: Boz_l and Rabbieburns
For this, you will need to install and run the Quest Powershell console.
Quest AD Cmdlets are free to download from PowerShell Commands (CMDLETs) for Active Directory by Quest Software
GOTCHA: these commands do not seem to run in the standard shell even with the cmdlets installed. A bit like exchange 2010 seems to need its own shell.
Outputs to shell console:
Code:get-qadcomputer -IncludeAllProperties | Where-Object { $_.lastlogon -lt (get-date).AddDays(-90) }
Outputs to csv:
Code:get-qadcomputer -IncludeAllProperties | Where-Object { $_.lastlogon -lt (get-date).AddDays(-90) } | select-object Name, ParentContainer, Description, pwdLastSet | export-csv c:\outdated.csv
Moves to alternate OU:
Tack this to the end to disable the accounts:Code:get-qadcomputer -IncludeAllProperties | Where-Object { $_.lastlogon -lt (get-date).AddDays(-90) } | Move-QADObject -to my.corp/obsolete
Check Locate obsolete computer records in AD « Dmitry’s PowerBlog: PowerShell and beyond for more.Code:| disable-QADComputer
And QAD cmdlets reference - PowerGUI Wiki
Enjoy :-)
Email Blog Entry
Go to Profile
Mark as Read
