Forum Discussion
Solved
Disable \ Remove old computer accounts
Hi, I have a script for disabling & removing old computer accounts. Import-Module ActiveDirectory
# Set the Parameters since last logon
$ForDisable = "C:\Logs\Computers Accounts\Disable-$((Ge...
Ok , test it and let me know if this help:
$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.Enabled -eq $true) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }
Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.whenChanged -lt (Get-Date).AddDays(-1)) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }dannytveria So the following what you need to add
($_.whenChanged -lt (Get-Date).AddDays(-1)
Hi Faris,
I changed as you said, it didn`t help.
$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=student ,DC=local" | Where-Object {($_.whenChanged -lt (Get-Date).AddDays(-1)) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") -and ($_.distinguishedname -notlike "*,OU=Classes,*") -and ($_.distinguishedname -notlike "*,OU=Teacher Standing,*") -and ($_.distinguishedname -notlike "*,OU=WVD,*") -and ($_.distinguishedname -notlike "*,OU=Margolin and Chativa Teachers and Workers,*") }I still get in the report the same computers from the first day I runed the script
- Do you have any idea?
When you use the command:
Search-ADAccount -AccountInactive -DateTime $ InactiveDate -ComputersOnlyThis does not mean that the Enabled property is False, it only means that no one has logged in for a long time
To have only the computers which are still activated add a filter to your command:$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.Enabled -eq $true) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }- Hi Aharon,
I didn't understand your all explain.
My final goal is to get a csv report with only the computer accounts that disabled or deleted on the same day.
Thanks