I need a script that will do the following:

Query all domain controllers for the LastLogon attribute (not lastlogontimestamp) of users within a specific OU recursively and get any user accounts with lastlogon time greater than 60 days based on the most recent lastlogon between all the domain controllers as lastlogon isn't synced. Then disable the accounts past 60 days and move to a specific OU. Any help would be greatly appreciated!