Disable, Move or Delete stale/stagnant/unused computer objects from Active Directory
Hi everybody. I haven’t posted in quite some time (2+ years), but I’m going to post this nugget here today!
Back in december 2015, we had a need to disable, move and delete unused computer objects after a certain amount of days. 21 to disable and 28 to remove. This has been in production since then and has worked perfectly. Enjoy.
Download “Remove-StaleComputers.zip” Remove-StaleComputers.zip – Downloaded 428 times – 2 KB
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 |
############################################## # Name: Remove-StaleComputers # File Name: Remove-StaleComputers.psm1 # Made By: Troy Ward # Website: http://www.automashell.com # Version: 1.1.0 # Created: 12/07/2015 ############################################## function Remove-StaleComputers { [CmdletBinding()] Param( [Parameter(Mandatory=$True)] [Int]$DisableDays, [Parameter(Mandatory=$True)] [Int]$DeleteDays, [Parameter(Mandatory=$False)] [String]$OrganizationalUnit, [Parameter(Mandatory=$True)] [String]$TargetPath, [Parameter(Mandatory=$False)] [Switch]$EnableLogging, [Parameter(Mandatory=$False)] [String]$LoggingPath ) <# .SYNOPSIS Remove Stale Computers from Active Directory. .PARAMETER DisableDays Number of days before moving computers to the Disabled Computers OU. .PARAMETER DeleteDays Number of days before deleting computers. .EXAMPLE Remove-StaleComputers -DisableDays 30 -DeleteDays 37 .EXAMPLE Remove-StaleComputers -DisableDays 30 -DeleteDays 37 -EnableLogging #> BEGIN { $Date = Get-Date -f g if($EnableLogging) { $OutputFileDate = Get-Date -format MM.dd.yyyy-h.mm.sstt if(!$LoggingPath) { $LoggingPath = (Get-Location).Path } if(!(Test-Path "$LoggingPath\$OutputFileDate.txt")) { $NewFile = New-Item "$LoggingPath\$OutputFileDate.txt" -type file } } } PROCESS { if(!$DisableDays -or !$DeleteDays) { $DisableDays = 21; $DeleteDays = 28 } if($DisableDays -le 6 -or $DeleteDays -le 6) { $caption = "Please Confirm" $message = "Warning: The time since last logon is set exceptionally low (less than a week), are you sure you want to continue?" [int]$defaultChoice = 0 $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Do the job." $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Do not do the job." $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no) $choiceRTN = $host.ui.PromptForChoice($caption,$message, $options,$defaultChoice) if($choiceRTN -eq 1) { break } } $Disable = (Get-Date).AddDays(-$DisableDays) $Delete = (Get-Date).AddDays(-$DeleteDays) $errormessage = $null # Get Computers try { $DisableComputers = Get-ADComputer -Property Name,lastLogonDate,DistinguishedName,OperatingSystem -Filter {lastLogonDate -lt $Disable} -ea stop | where {$_.DistinguishedName -notlike "*Server*" -and $_.OperatingSystem -notlike "*Server*"} $DeleteComputers = Get-ADComputer -Property Name,lastLogonDate,DistinguishedName,OperatingSystem -Filter {lastLogonDate -lt $Delete} -ea stop | where {$_.Enabled -eq $false -and $_.DistinguishedName -notlike "*Server*" -and $_.OperatingSystem -notlike "*Server*"} } catch [system.exception] { $errormessage = $($_.Exception.Message) } finally { if($EnableLogging) { if($errormessage) { $TimeStamp = Get-Date -format T; "[$TimeStamp][ERROR] Unable to get a list of Computers. Error: $errormessage" | Add-Content "$LoggingPath\$OutputFileDate.txt" } else { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] Successfully compiled stale computer list." | Add-Content "$LoggingPath\$OutputFileDate.txt" } } } # Disable Stale Computers if($EnableLogging) { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] Disabling Computers..." | Add-Content "$LoggingPath\$OutputFileDate.txt" } try { $Count = 0 $DisableComputers | foreach { Set-ADComputer $_ -Enabled $false -ea stop if($EnableLogging) { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] " + $_.Name + " Disabled" | Add-Content "$LoggingPath\$OutputFileDate.txt" } $Count++ } } catch [system.exception] { $errormessage = $($_.Exception.Message) } finally { if($EnableLogging) { if($errormessage) { $TimeStamp = Get-Date -format T; "[$TimeStamp][ERROR] Failed to disable computer. Error: $errormessage" | Add-Content "$LoggingPath\$OutputFileDate.txt" } else { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] Successfully disabled $Count computers." | Add-Content "$LoggingPath\$OutputFileDate.txt" } } } # Move Stale Computers if($EnableLogging) { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] Moving Computers..." | Add-Content "$LoggingPath\$OutputFileDate.txt" } try { $Count = 0 $DisableComputers | foreach { Move-ADObject $_ -TargetPath "$TargetPath" if($EnableLogging) { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] " + $_.Name + " Moved" | Add-Content "$LoggingPath\$OutputFileDate.txt" } $Count++ } } catch [system.exception] { $errormessage = $($_.Exception.Message) } finally { if($EnableLogging) { if($errormessage) { $TimeStamp = Get-Date -format T; "[$TimeStamp][ERROR] Failed to move computer. Error: $errormessage" | Add-Content "$LoggingPath\$OutputFileDate.txt" } else { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] Successfully moved $Count computers." | Add-Content "$LoggingPath\$OutputFileDate.txt" } } } # Delete Stale Computers if($EnableLogging) { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] Removing Computers..." | Add-Content "$LoggingPath\$OutputFileDate.txt" } try { $Count = 0 $DeleteComputers | foreach { Remove-ADObject $_ -Recursive -confirm:$false if($EnableLogging) { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] " + $_.Name + " Removed" | Add-Content "$LoggingPath\$OutputFileDate.txt" } $Count++ } } catch [system.exception] { $errormessage = $($_.Exception.Message) } finally { if($EnableLogging) { if($errormessage) { $TimeStamp = Get-Date -format T; "[$TimeStamp][ERROR] Failed to remove computer. Error: $errormessage" | Add-Content "$LoggingPath\$OutputFileDate.txt" } else { $TimeStamp = Get-Date -format T; "[$TimeStamp][INFO] Successfully removed $Count computers." | Add-Content "$LoggingPath\$OutputFileDate.txt" } } } } } |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
############################################## # Name: Remove-StaleComputers # File Name: Remove-StaleComputers.ps1 # Made By: Troy Ward # Website: http://www.automashell.com # Version: 1.1.0 # Created: 12/07/2015 ############################################## # Import Active Directory Module import-module activedirectory # Import Remove-StaleComputers Module import-module .\Remove-StaleComputers.psm1 # Execute Remove-StaleComputers Remove-StaleComputers -DisableDays 21 -DeleteDays 28 -TargetPath "OU=Disabled Computers,DC=domain,DC=com" -EnableLogging -LoggingPath "C:\Script Logs\Remove-StaleComputers" |
