cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Disable \ Remove old computer accounts

dannytveria
Brass Contributor

‎Oct 25 2021 10:58 PM

‎Oct 25 2021 10:58 PM

Disable \ Remove old computer accounts

Hi,

I have a script for disabling & removing old computer accounts.

 

Import-Module ActiveDirectory

# Set the Parameters since last logon

$ForDisable = "C:\Logs\Computers Accounts\Disable-$((Get-Date).ToString('dd-MM-yyyy')).csv"
$ForDelete = "C:\Logs\Computers Accounts\Delete-$((Get-Date).ToString('dd-MM-yyyy')).csv"



# Automated way (includes never logged on computers)

function Get-BadPC{
param(
[parameter(mandatory=$true)]$Days,
[parameter(mandatory=$true)]
[ValidateSet('Delete','Disable')]$Action
)
$InactiveDate = (Get-Date).Adddays(-($Days))
$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }
$Computers_For_Action | Export-Csv "C:\Logs\Computers Accounts\$($Action)-$((Get-Date).ToString('dd-MM-yyyy')).csv" -NoTypeInformation -Encoding UTF8

switch ($action){
Disable {$Computers_For_Action | Disable-ADAccount }
Delete {$Computers_For_Action | Remove-ADComputer -Confirm:$False }

}

}
Get-BadPC -Days 180 -Action Disable
Get-BadPC -Days 365 -Action Delete

 

The script working great.

the problem I get every day is the same computer accounts that have already been disabled or deleted on the previous day.

My goal is to receive a CSV file with the computer account that is disabled or removed on the same day.

thanks for the help.

Labels:
2,898 Views
0 Likes
14 Replies
Reply
14 Replies
farismalaeb

‎Oct 26 2021 01:11 PM

‎Oct 26 2021 01:11 PM

Re: Disable \ Remove old computer accounts

Hi,
You will need to modify the filter and add the modifieddate property in the search criteria.
0 Likes
Reply
dannytveria

‎Oct 26 2021 01:16 PM

‎Oct 26 2021 01:16 PM

Re: Disable \ Remove old computer accounts

How do I do it?
0 Likes
Reply
farismalaeb

‎Oct 27 2021 12:48 AM

‎Oct 27 2021 12:48 AM

Re: Disable \ Remove old computer accounts 

Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.whenChanged -lt (Get-Date).AddDays(-1)) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }

@dannytveria So the following what you need to add

($_.whenChanged -lt (Get-Date).AddDays(-1)

 

 

0 Likes
Reply
dannytveria

‎Oct 28 2021 06:16 AM

‎Oct 28 2021 06:16 AM

Re: Disable \ Remove old computer accounts

Hi Faris,
I changed today the script, I will update tomorrow.
thanks
0 Likes
Reply
dannytveria

‎Oct 29 2021 01:18 AM

‎Oct 29 2021 01:18 AM

Re: Disable \ Remove old computer accounts

@farismalaeb 

Hi Faris,
I changed as you said, it didn`t help.

$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=student ,DC=local" | Where-Object {($_.whenChanged -lt (Get-Date).AddDays(-1)) -and ($_.distinguishedname -notlike "*,OU=Servers,*") -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") -and ($_.distinguishedname -notlike "*,OU=Classes,*") -and ($_.distinguishedname -notlike "*,OU=Teacher Standing,*") -and ($_.distinguishedname -notlike "*,OU=WVD,*") -and ($_.distinguishedname -notlike "*,OU=Margolin and Chativa Teachers and Workers,*") }

I still get in the report the same computers from the first day I runed the script

0 Likes
Reply
dannytveria

‎Nov 01 2021 12:57 AM

‎Nov 01 2021 12:57 AM

Re: Disable \ Remove old computer accounts

Do you have any idea?
0 Likes
Reply
AharonBensadoun

‎Nov 01 2021 02:45 AM

‎Nov 01 2021 02:45 AM

Re: Disable \ Remove old computer accounts

@dannytveria 

When you use the command:

Search-ADAccount -AccountInactive -DateTime $ InactiveDate -ComputersOnly

This does not mean that the Enabled property is False, it only means that no one has logged in for a long time
To have only the computers which are still activated add a filter to your command:

$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.Enabled -eq $true) -and ($_.distinguishedname -notlike "*,OU=Servers,*")  -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }
0 Likes
Reply
dannytveria

‎Nov 01 2021 06:58 AM

‎Nov 01 2021 06:58 AM

Re: Disable \ Remove old computer accounts

Hi Aharon,
I didn't understand your all explain.
My final goal is to get a csv report with only the computer accounts that disabled or deleted on the same day.
Thanks
0 Likes
Reply
AharonBensadoun

‎Nov 02 2021 02:36 AM

‎Nov 02 2021 02:36 AM

Re: Disable \ Remove old computer accounts

Hi,
If you don't specify that you want to deactivate only the computers that are currently active, then the csv file will still contain the computers that have already been deactivated, so you must specify that you want to deactivate only the active computers with the filter ($ _. Enabled -eq $true)
0 Likes
Reply
dannytveria

‎Nov 02 2021 02:46 AM

‎Nov 02 2021 02:46 AM

Re: Disable \ Remove old computer accounts

So if I add the filter today, the next run of the script will be empty or only the disabled computers for today?
0 Likes
Reply
AharonBensadoun

‎Nov 02 2021 03:00 AM

‎Nov 02 2021 03:00 AM

Re: Disable \ Remove old computer accounts

If you restart the script just after then effectively the csv will be empty, so you will have to wait until the computers are new "old" for the script to return results. It will depend on your $InactiveDate filter
0 Likes
Reply
dannytveria

‎Nov 02 2021 03:02 AM

‎Nov 02 2021 03:02 AM

Re: Disable \ Remove old computer accounts

 

Get-BadPC -Days 180 -Action Disable
Get-BadPC -Days 365 -Action Delete

@AharonBensadoun 

this the parameters for inactive days

0 Likes
Reply
best response confirmed by dannytveria (Brass Contributor)
AharonBensadoun

‎Nov 02 2021 04:22 AM

‎Nov 02 2021 04:22 AM

Solution

Re: Disable \ Remove old computer accounts

@dannytveria 

 

Ok , test it and let me know if this help:

$Computers_For_Action = Search-ADAccount -AccountInactive -DateTime $InactiveDate -ComputersOnly -SearchBase "DC=staff ,DC=local" | Where-Object {($_.Enabled -eq $true) -and ($_.distinguishedname -notlike "*,OU=Servers,*")  -and ($_.distinguishedname -notlike "*,OU=Test,*") -and ($_.distinguishedname -notlike "*,OU=IT,*") -and ($_.distinguishedname -notlike "*,OU=Laptops,*") -and ($_.distinguishedname -notlike "*,CN=Computers,*") -and ($_.distinguishedname -notlike "*,CN=Managed Service Accounts,*") }
0 Likes
Reply
dannytveria

‎Nov 04 2021 05:36 AM

‎Nov 04 2021 05:36 AM

Re: Disable \ Remove old computer accounts

Thanks Aharon for your help
0 Likes
Reply