Remove computers from SCCM that are no longer in a SCCM AD discovery container

This script will remove computer objects from SCCM that no longer exist in your defined Active Directory System Discovery locations. This type of cleanup activity is especially useful when trying to obtain accurate client saturation statistics.

 
 
 
 
 
5 Star
(3)
5,422 times
Add to favorites
System Center
4/2/2016
E-mail Twitter del.icio.us Digg Facebook
  • Senior Analyst
    1 Posts | Last post December 02, 2019
    • Thank you so much Mike for your efforts. However, it is deleting all the system present in the collection without comparing the existence in AD. I have mentioned a collection name, in that few machines were present in AD. But upon executing the script, it deleted all the machines. Please suggest. 
  • Nice tool!
    1 Posts | Last post October 11, 2019
    • I love it! thanks for posting this script. 
  • Tested but removing also active computers
    1 Posts | Last post October 09, 2019
    • Tested but removing also active computers. Can you clarify that it works properly?
  • Error
    2 Posts | Last post July 13, 2019
    • HI Mike,
      
      When I run the PowerShell I keep getting the below error message. Any ideas?
      
      Add-PSSnapin : No snap-ins have been registered for Windows PowerShell version 5.
      At line:42 char:30
      + ...    If(!$UseRSATModule){ Add-PSSnapin Quest.ActiveRoles.ADManagement }
      +                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (Quest.ActiveRoles.ADManagement:String) [Add-PSSnapin], PSArgumentException
          + FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand
    • Import the SCCM module.
  • Line 57 Char 33 error
    1 Posts | Last post March 27, 2019
    • Keep getting a script error at line 57 char 33 when trying to run on Win2012R2 or win10 
      LDAP is to the root of the domain. 
      
      Get-ADComputer : Directory object not found
      At line:57 char:33
      + ... omputers += Get-ADComputer -Server "$($GCServer):3268" -Filter * -Sea ...
      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (:) [Get-ADComputer], ADIdentityNotFoundException
          + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
  • Worked for me!!
    1 Posts | Last post November 15, 2017
    • Awesome man, I just needed to clear up 1 collection that was a lab where all the computers were refreshed and I wanted to check and see if it worked, works like a charm! Thanks!
  • The Rpc server is unavailable
    1 Posts | Last post September 29, 2017
    • For the life of me I cannot work out why this script will not complete.
      It fails for me at the get-wmiobject piece, for unknown reasons. I have the WF off for all profiles on this server.
      -Namespace root\sms\site_$CMSiteCode - does this need to be amended in any way?
  • Running as A Scheduled Task
    4 Posts | Last post July 19, 2017
    • Script runs beautifully in ISE but trying to run as a scheduled task is not working. Any recommendations?
    • I run it as a scheduled job.  Maybe add Start-Transcript -Path "c:/some/directory" right before "No need to edit below this line", and Stop-Transcript to the end.
      
      Then you can see some output?  Also, make sure you read the NOTE and REQUIREMENTS at the very top of the script and verify the system you are running on is configured correctly.
    • Hi Mike-
      The output from the transcript is(MC1 is our site code):
      Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command &'C:\!Tasks\CM-Computer-Cleanup.ps1'
      Process ID: 4256
      PSVersion: 5.1.14393.1198
      PSEdition: Desktop
      PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.14393.1198
      BuildVersion: 10.0.14393.1198
      CLRVersion: 4.0.30319.42000
      WSManStackVersion: 3.0
      PSRemotingProtocolVersion: 2.3
      SerializationVersion: 1.1.0.1
      **********************
      Transcript started, output file is C:\!Tasks\CMCLEAN.log
      Loading computer objects from Active Directory...
      Loading computer objects from SCCM...
      PS>TerminatingError(Set-Location): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Cannot find drive. A drive with the name 'MC1' does not exist."
      >> TerminatingError(Set-Location): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Cannot find drive. A drive with the name 'MC1' does not exist."
      >> TerminatingError(Set-Location): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Cannot find drive. A drive with the name 'MC1' does not exist."
      The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Cannot find drive. A drive with the name 'MC1' does not exist.
      Set-Location : Cannot find drive. A drive with the name 'MC1' does not exist.
      At C:\!Tasks\CM-Computer-Cleanup.ps1:67 char:9
      +         Set-Location "$($CMSiteCode):"
      +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (MC1:String) [Set-Location], DriveNotFoundException
          + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.SetLocationCommand
      
      PS>$global:?
      False
      I loaded the RSAT tools tools on the server so the script is using AD CMDLETS.
      If I run it manual it works great. 
    • Settings are set like this:
      
        # SETTINGS
              # SCCM Site Code (3-digit code) [string]
                  $CMSiteCode = "MC1"
      
              # SCCM Primary Server (server.domain.com) [string]
                  $CMPrimaryServer = "FQDNSERVERNAMEREMOVED"
      
              # Collection name to clean up (typically 'All Systems' or 'All Workstations') [string]
                  $CleanCollection = "All Systems"
      
              # Active Directory global catalog server (server.domain.com) [string]
                  $GCServer = "FQDNSERVERNAMEREMOVED"
      
              # Use the Active Directory Module included with RSAT instead of Active Roles Managment Shell [boolean]
                  $UseRSATModule = $True
  • Deleting wrong computer objects
    2 Posts | Last post June 22, 2017
    • This script does not work for me. When it runs it started to delete things like the computer object for my site servers and other servers that should not be deleted.  How can I run the script to see which objects will be deleted before doing the actual delete?  I have a lot of LDAP settings in AD System Discovery.  It almost looks like it only takes the first one.
    • So my guess on this is that it is trying to delete objects that do not exist in any of the LDAP paths you have provided to the Active Directory System Discovery role.  I use this in an environment that has 11 domains, so I have many LDAP entries as well.  I would double check everything ;)
  • Mulit-level SCCM and AD environment
    1 Posts | Last post May 19, 2017
    • How does this script work for an environment that has a CAS and multiple Primary sites, and a multi level domain? 
1 - 10 of 11 Items