-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMoveDisabledComputers.ps1
36 lines (31 loc) · 1.66 KB
/
MoveDisabledComputers.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#Script that:
#1. Finds computers not logged into for X days and disables them.
#2. Moves those disabled computers to a new OU.
#3. Checks the disabled OU for disabled computers not logged into for X days and deletes them.
#4. Writes disabled/moved/deleted computers to console.
#DisableDateCutoff and DeleteDateCutoff dates measured in days. Example '$DisableDateCutoff = 90' for 90 days less than current date
#Working OUs and date variables
#$Base = "OU=Computers,DC=Domain,DC=Local"
#$DisabledPCsOU = "OU=DisabledComputers,DC=Domain,DC=Local"
$DisableDateCutoff = 90
$DeleteDateCutoff = 120
$CurrentDate = Get-Date
#Get all computers in OU and subtree.
$Computers = Get-ADComputer -SearchBase $Base -SearchScope 2 -Filter * -Properties *
#If computer has not been logged into for X days move it
ForEach ($Computer in $Computers) {
If ((New-TimeSpan -Start ($Computer.LastLogonDate) -End $CurrentDate).Days -GT $DisableDateCutoff) {
Set-ADComputer -Identity $Computer.ObjectGUID -Enabled $false
Move-ADObject -Identity $Computer.ObjectGUID -TargetPath $DisabledPCsOU
Write-Host $Computer.Name disabled and moved to new OU
}
}
#Find disabled computers in the $DisabledPCsOU
$DisabledComputers = Get-ADComputer -SearchBase $DisabledPCsOU -SearchScope 2 -Filter * -Properties *
#Delete PCs in OU that have not been logged into for X days
ForEach ($DisabledComputer in $DisabledComputers) {
If ((New-TimeSpan -Start ($DisabledComputer.LastLogonDate) -End $CurrentDate).Days -GT $DeleteDateCutoff) {
Remove-ADComputer -Identity $DisabledComputer.ObjectGUID
Write-Host $DisabledComputer.Name deleted
}
}