Forum Discussion
Solved
Disable \ Remove old computer accounts
Hi, I have a script for disabling & removing old computer accounts. Import-Module ActiveDirectory
# Set the Parameters since last logon
$ForDisable = "C:\Logs\Computers Accounts\Disable-$((Ge...
Ok , test it and let me know if this help:
$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.Enabled -eq $true) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }
Do you have any idea?
When you use the command:
Search-ADAccount -AccountInactive -DateTime $ InactiveDate -ComputersOnlyThis does not mean that the Enabled property is False, it only means that no one has logged in for a long time
To have only the computers which are still activated add a filter to your command:
$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.Enabled -eq $true) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }- Hi Aharon,
I didn't understand your all explain.
My final goal is to get a csv report with only the computer accounts that disabled or deleted on the same day.
Thanks- Hi,
If you don't specify that you want to deactivate only the computers that are currently active, then the csv file will still contain the computers that have already been deactivated, so you must specify that you want to deactivate only the active computers with the filter ($ _. Enabled -eq $true)- So if I add the filter today, the next run of the script will be empty or only the disabled computers for today?