Aug 26 2021 04:36 AM
Hi,
I made a script to disable old computer accounts.
My Sysadmin asked me to disable after 180 days and remove them after a year.
My goal is to disable computer accounts after 180 days and export to CSV
then delete computer accounts after 356 days and export to CSV.
Import-Module ActiveDirectory
# Set the Parameters since last logon
$DaysInactive = 180
$InactiveDate = (Get-Date).Adddays(-($DaysInactive))
$ForDisableLog = "C:\scripts\ComputerAccounts\Logs\For_Disable$((Get-Date).ToString('dd-MM-yyyy')).csv"
#-------------------------------
# FIND INACTIVE COMPUTERS
#-------------------------------
# Automated way (includes never logged on computers)
$Computers_For_Disable = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {$_.distinguishedname -notlike "*,OU=Servers,*"} | Where-Object {$_.distinguishedname -notlike "*,OU=Test,*"} | Where-Object {$_.distinguishedname -notlike "*,OU=IT,*"} | Where-Object {$_.distinguishedname -notlike "*,OU=Laptops,*"} | Where-Object {$_.distinguishedname -notlike "*,CN=Computers,*"} | Select-Object Name, LastLogonDate, Enabled, DistinguishedName
#-------------------------------
# REPORTING
#-------------------------------
# Export results to CSV
$Computers_For_Disable | Export-Csv $ForDisableLog -NoTypeInformation -Encoding UTF8
Aug 28 2021 03:52 AM
I wrote a quick script to do what you need, but please note:
this script will REMOVE and DISABLE AD computer accounts. Test it first and make sure it's doing the result you need before applying it to production.
So what you need to change is only the last line,
Get-BadPC -Days 180 -Action Disable
Days = whatever number of days
and Action = whether you want to delete or disable.
function Get-BadPC{
    param(
        [parameter(mandatory=$true)]$Days,
        [parameter(mandatory=$true)]
        [ValidateSet('Delete','Disable')]$Action
    )
    # Cut-off date: computers with no logon since then count as inactive
    $InactiveDate = (Get-Date).Adddays(-($Days))
    # Keep a computer only if it is outside every excluded container, so the -notlike tests are joined with -and
    $Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=Test ,DC=local" | Where-Object {($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*")}
    # Export the list before acting on it
    $Computers_For_Action | Export-Csv "C:\Users\Administrator\Downloads\$($Action)-$((Get-Date).ToString('dd-MM-yyyy')).csv" -NoTypeInformation -Encoding UTF8
    switch ($action){
        Disable {$Computers_For_Action | Disable-ADAccount }
        Delete {$Computers_For_Action | Remove-ADComputer -Confirm:$False }
    }
}
Get-BadPC -Days 180 -Action Disable
Aug 29 2021 06:50 AM
If you use the script provided by @farismalaeb, you only need to add Get-BadPC -Days 365 -Action Delete on row 21 and save the file as a ps1 file.
function Get-BadPC{
    param(
        [parameter(mandatory=$true)]$Days,
        [parameter(mandatory=$true)]
        [ValidateSet('Delete','Disable')]$Action
    )
    # Cut-off date: computers with no logon since then count as inactive
    $InactiveDate = (Get-Date).Adddays(-($Days))
    # Keep a computer only if it is outside every excluded container, so the -notlike tests are joined with -and
    $Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=Test ,DC=local" | Where-Object {($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*")}
    # Export the list before acting on it
    $Computers_For_Action | Export-Csv "C:\Users\Administrator\Downloads\$($Action)-$((Get-Date).ToString('dd-MM-yyyy')).csv" -NoTypeInformation -Encoding UTF8
    switch ($action){
        Disable {$Computers_For_Action | Disable-ADAccount }
        Delete {$Computers_For_Action | Remove-ADComputer -Confirm:$False }
    }
}
Get-BadPC -Days 180 -Action Disable
Get-BadPC -Days 365 -Action Delete
Then you can run the script from PowerShell by just running .\ScriptLocation\scriptname.ps1
You could also add some logging to the script with the Write-Log Function
function Write-Log([string[]]$Message, [string]$LogFile = $Script:LogFile, [switch]$ConsoleOutput, [ValidateSet("SUCCESS", "INFO", "WARN", "ERROR", "DEBUG")][string]$LogLevel)
{
    $Message = $Message + $Input
    If (!$LogLevel) { $LogLevel = "INFO" }
    switch ($LogLevel)
    {
        SUCCESS { $Color = "Green" }
        INFO { $Color = "White" }
        WARN { $Color = "Yellow" }
        ERROR { $Color = "Red" }
        DEBUG { $Color = "Gray" }
    }
    if ($Message -ne $null -and $Message.Length -gt 0)
    {
        $TimeStamp = [System.DateTime]::Now.ToString("yyyy-MM-dd HH:mm:ss")
        if ($LogFile -ne $null -and $LogFile -ne [System.String]::Empty)
        {
            Out-File -Append -FilePath $LogFile -InputObject "[$TimeStamp] $Message"
        }
        if ($ConsoleOutput -eq $true)
        {
            Write-Host "[$TimeStamp] [$LogLevel] :: $Message" -ForegroundColor $Color
        }
    }
}
You will have some reference for later on which devices have been disabled and which are deleted.
Aug 29 2021 10:37 AM
The point of creating a function is to reduce code duplication, plus it provides better control of the business requirement.
The only change you need to make is to add 1 extra line, as @RGijsbersRademakers says:
Get-BadPC -Days 180 -Action Disable
Get-BadPC -Days 365 -Action Delete
Thanks
Sep 05 2021 02:10 AM
function Get-BadPC{
    param(
        [parameter(mandatory=$true)]$Days,
        [parameter(mandatory=$true)]
        [ValidateSet('Delete','Disable')]$Action )
    $InactiveDate = (Get-Date).Adddays(-($Days))
    # Keep a computer only if it is outside every excluded container, so the -notlike tests are joined with -and
    $Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=Test ,DC=local" | Where-Object {($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*")} | Select-Object Name, LastLogonDate, Enabled, DistinguishedName
    $Computers_For_Action | Export-Csv "C:\Users\Administrator\Desktop\$($Action)-$((Get-Date).ToString('dd-MM-yyyy')).csv" -NoTypeInformation -Encoding UTF8
    switch ($action){
        Disable {$Computers_For_Action | Disable-ADAccount }
        Delete {$Computers_For_Action | Remove-ADComputer -Confirm:$False }
    }
}
Get-BadPC -Days 180 -Action Disable
Get-BadPC -Days 356 -Action Delete
This is my script and I get the following error:
Disable-ADAccount : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
Sep 05 2021 11:40 PM
@dannytveria Hi
Yes, this is expected if the number of computer objects returned is zero.
You can see the result by running the query itself:
# Example value; inside Get-BadPC this comes from the -Days parameter
$Days = 180
$InactiveDate = (Get-Date).Adddays(-($Days))
# Keep a computer only if it is outside every excluded container, so the -notlike tests are joined with -and
$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=Test ,DC=local" | Where-Object {($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*")} | Select-Object Name, LastLogonDate, Enabled, DistinguishedName
Write-Host "The Number of hosts in your search is " -NoNewline
Write-Host "$($Computers_For_Action.count)" -ForegroundColor Green
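An added example, not part of any post in this thread: the OU exclusion logic checked offline against constructed distinguished names, plus a disable/delete step that supports -WhatIf and passes -Identity explicitly. The function names (Test-ProtectedDN, Test-KeptByOrJoin, Invoke-StaleComputerAction) and the sample DNs are hypothetical and made up for illustration.

```powershell
# Added example. Function names and the sample DNs below are constructed for illustration.
$ProtectedContainers = 'OU=Servers', 'OU=Test', 'OU=IT', 'OU=Laptops', 'CN=Computers'

function Test-ProtectedDN {
    # True when the DN sits under any protected container.
    param([string]$DistinguishedName, [string[]]$Containers = $ProtectedContainers)
    foreach ($c in $Containers) {
        if ($DistinguishedName -like "*,$c,*") { return $true }
    }
    return $false
}

function Test-KeptByOrJoin {
    # What -notlike tests joined with -or do: the DN is kept as soon as ONE pattern
    # fails to match, so it is dropped only if it matches all of them at once.
    param([string]$DistinguishedName, [string[]]$Containers = $ProtectedContainers)
    foreach ($c in $Containers) {
        if ($DistinguishedName -notlike "*,$c,*") { return $true }
    }
    return $false
}

function Invoke-StaleComputerAction {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]$Computer,
        [Parameter(Mandatory = $true)][ValidateSet('Disable', 'Delete')][string]$Action
    )
    process {
        $dn = $Computer.DistinguishedName
        if (Test-ProtectedDN $dn) { Write-Warning "Skipped protected object: $dn"; return }
        # -Identity is passed explicitly, so objects reduced by Select-Object work too
        if ($PSCmdlet.ShouldProcess($dn, $Action)) {
            switch ($Action) {
                'Disable' { Disable-ADAccount -Identity $dn }
                'Delete'  { Remove-ADComputer -Identity $dn -Confirm:$false }
            }
        }
    }
}

# Offline check on constructed DNs: no domain controller is needed for this part
$sample = 'CN=PC01,OU=Workstations,DC=Test,DC=local', 'CN=SRV01,OU=Servers,DC=Test,DC=local'
foreach ($dn in $sample) {
    '{0}  protected={1}  keptByOrJoin={2}' -f $dn, (Test-ProtectedDN $dn), (Test-KeptByOrJoin $dn)
}

# Dry run against the directory (needs the ActiveDirectory module and $InactiveDate):
# Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly |
#     Invoke-StaleComputerAction -Action Disable -WhatIf
```

Run it with -WhatIf first; without it the function asks for confirmation per object unless -Confirm:$false is given.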
Sep 13 2021 04:27 AM
Solution
Glad it works.
Would you please mark the answer as best response?
Thanks