Tuesday, 30 August 2011

Inactive computer account clean up

As workstations are added to and removed from AD, stale computer accounts need to be cleaned up so they can be used for new computers. The following PowerShell code retrieves all computers that either have not logged into AD for more than 90 days or have never logged in, and exports them to a file.

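# Requires the Quest ActiveRoles Management Shell, which provides Get-QADComputer
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
# Enabled computers with no logon, or last logon over 90 days ago; replace <file> with the CSV output path
Get-QADComputer -SizeLimit 0 -IncludedProperties LastLogonTimeStamp -SearchRoot 'ad.umbc.edu/Dept' |
Where-Object { ($_.AccountIsDisabled -eq $false) -and (($_.LastLogonTimeStamp -eq $null) -or ((((Get-Date) - $_.LastLogonTimeStamp).Days) -gt 90)) } |
Select-Object Name, ParentContainer, DN | Sort-Object -Property ParentContainer | Export-Csv <file>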
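
The same check written against Microsoft's ActiveDirectory module instead of the Quest cmdlets, as an added example that is not part of the original post. The function name Get-StaleComputer, the -GraceDays parameter, the search base and the output file name are hypothetical; the grace period keeps newly created or pre-staged machines that have not logged on yet out of the report.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-StaleComputer {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,  # DN of the OU to scan (caller supplies it)
        [int] $InactiveDays = 90,                     # same threshold as the post
        [int] $GraceDays    = 30                      # assumed grace period for new accounts
    )
    $now = (Get-Date).ToUniversalTime()

    # lastLogonTimestamp is replicated to every DC, but by default it can lag the
    # real last logon by up to about 14 days, so keep InactiveDays well above that.
    Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                   -Properties lastLogonTimestamp, whenCreated |
        ForEach-Object {
            # The attribute is a Windows FILETIME; empty means the account never logged on.
            $last = if ($_.lastLogonTimestamp) {
                [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)
            } else { $null }
            $ageDays = ($now - $_.whenCreated.ToUniversalTime()).TotalDays

            $reason = if (-not $last) {
                # Never logged on: report only once the account is older than the grace period.
                if ($ageDays -gt $GraceDays) { 'NeverLoggedOn' }
            } elseif (($now - $last).Days -gt $InactiveDays) {
                'Inactive'
            }

            if ($reason) {
                [pscustomobject]@{
                    Name              = $_.Name
                    DistinguishedName = $_.DistinguishedName
                    LastLogonUtc      = $last
                    CreatedUtc        = $_.whenCreated.ToUniversalTime()
                    Reason            = $reason
                }
            }
        }
}

# Constructed search base and file name; substitute your own before running.
Get-StaleComputer -SearchBase 'OU=Workstations,DC=example,DC=com' |
    Sort-Object DistinguishedName |
    Export-Csv -Path .\stale-computers.csv -NoTypeInformation
```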


jhon drake said...

Very interesting information! Thanks for providing this very satisfactory and concise explanation, but I tried this Active Directory cleanup tool (http://www.lepide.com/active-directory-cleaner/), which assists me in finding and removing old computer accounts and easily managing inactive computer accounts. It helps to view and manage the computers' activities and get comprehensive reports on inactive user and computer accounts that never logged on, and get true last logon details of accounts.
