«

»

Dec 16 2011

Print this Post

Remove unused computer accounts from Active Directory using PowerShell

I can never call myself a PowerShell guru, but I am currently trying my best to “practice” more PowerShell since I know that it is the future of command line administration.

So today, I was doing some regular maintenance to the active directory, just disabling the old computer accounts as a step into removing them later, and decided to use the “Active Directory module for Windows PowerShell” to perform the task.

Note: we are changing the naming policy for the computers, which is why we do not just reset the computer account, which is the recommended method when reinstalling Windows.

Find all XP computers and export as a CSV

For documentation, we decided to export a list of the XP machines that exist in the AD. This command did it.

Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} -properties * |Select-Object Name, LastLogonDate, DistinguishedName, OperatingSystem, enabled | Export-Csv D:XP_Machines.csv

This exported a list of all the XP machines in the domain, with the path, date last used, OS and status (enabled or disabled) of each account.

Disable all the accounts that did not logon since November

That’s a two-step operation; first you create a variable with the required date and then use a magical command to disable all the machines.

$date=’Nov 1, 2011′
Get-ADComputer -Filter {LastLogonDate -le $date -and OperatingSystem -eq “Windows XP Professional”} |Set-ADComputer -Enabled $False

That’s it, here we used Get-ADComputer to create a list of the required criteria, piped the list to Set-ADComputer to disable the accounts.

In a production environment doing this task manually can take hours and hours, powershell comes in as a very useful timesaver tool.

Useful resources

http://blog.thomaswimprine.com/2010_10_01_archive.html

http://blogs.msdn.com/b/adpowershell/archive/2009/04/14/active-directory-powershell-advanced-filter-part-ii.aspx

Hope you found this useful!

About the author

Walid AlMoselhy

Permanent link to this article: http://almoselhy.azurewebsites.net/2011/12/remove-unused-computer-accounts-from-active-directory-using-powershell/

4 comments

Skip to comment form

  1. seo rankings

    It’s really a cool and useful piece of info. I’m glad that
    you shared this useful information with us. Please keep us
    up to date like this. Thanks for sharing.

  2. Cansu

    Excellent, our Sys Admin people didn’t seem to worry about this, were happy to open as many PS Windows as it took to exropt multiple mailboxes one at a time! Other sites on the web suggested using ps1 scripts but they seemed to dump all users into one PST (which was called .pst !!)As Compliance Analyst who gets lumbered with Litigation Holds which I used to execute in ExMerge, this is an absolute vboon.Thanks againCheers

  3. Walid AlMoselhy

    I’m using Graphene template and some other plugins

    1. Sulaimon

      It’s really a nice and hlfuepl piece of information. I’m satisfied that you simply shared this useful info with us. Please keep us up to date like this. Thanks for sharing.

Leave a Reply

Your email address will not be published. Required fields are marked *