Move and disable inactive computer accounts from Active Directory

This PowerShell script is designed to identify all inactive computers in Active Directory, move them to a specific OU, and then disable the computer account. It will also set a description to say when the computer account was disabled. The script can be customised with the sourc

 
 
 
 
 
Active Directory
2/24/2014


  • Script without Quest commandlets
    1 Posts | Last post August 09, 2019
    • Does anyone have this same script that does not have quest commandlets in it? It seems you can no longer download those commandlets for free.
  • add windows 7 OS
    1 Posts | Last post October 31, 2018
    • Hello,
      
      This script works really well, but I was hoping to modify it just a bit... 
      Can anyone help me to add a line to only do it for Windows 7 OS?
      
      Thank you in advance! 
  • FYI Typo
    1 Posts | Last post May 30, 2018
    • First line "#Script used to fiund all"
  • Assist with similar
    1 Posts | Last post March 22, 2018
    • Hi Denis,
      
      Is it possible to use a date range within this script?  I am trying to combine several scripts.  What I would like to do is have a script where any PC between 30 and 60 days old gets disabled, but stays in the OU (in case it is just off the network for a while).  Between 60 and 90 days it gets moved to a disabled OU.  And then in 90 days I will delete these PCs.  But I can't seem to figure out how to pull a list of PCs between specific dates.
      
      Any help you can provide would be great.
      
      Thanks,
  • Log file
    1 Posts | Last post February 09, 2018
    • Good day,
      
      Great script and thank you! Is there any way we can append the results to a log file?
      
      Thank you again!
  • Please help
    3 Posts | Last post October 27, 2017
    • Get-QADComputer : Cannot resolve directory object for the given identity: 'OU=XX,DC=XX,DC=local'.
      # OU path in above line 
      At line:52 char:1
      + Get-QADComputer -InactiveFor $NumOfDaysInactiveFor -SizeLimit 0 -Sear ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [Get-QADComputer], ObjectNotFoundException
          + FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.DirectoryAccess.ObjectNotFoundException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetComputerCmdlet
    • This issue got resolved after correcting path but not getting any error; email or no value in text file.
    • Bingo, it's working for me.
      
      --> FYI - In case of no inactive systems then it does not send email (Which is good)
      
      Now I would like to EXCLUDE systems with Server OS; Can someone suggest for filter; how can I do it. Thanks in advance !!
      
      @ Denis Cooper - Thanks a lot !!!
  • Additional requirements - amended script
    3 Posts | Last post October 26, 2017
    • # Add required snapins and modules
        
      Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue    
      Import-Module ActiveDirectory -ErrorAction SilentlyContinue
      
      #Specify the OU you want to search for inactive accounts
      
      	$SearchOU="OU=yourOU,DC=yourdomain,DC=com"
      
      #Specify the OU you want to move your inactive computer accounts to
      
      	$DestinationOU="OU=Disabled Computers,DC=yourdomain,DC=com"
      
      #Specify the number of days that computers have been inactive for
      
      	$NumOfDaysInactiveFor = 90
      	
      #Get todays date
      
      	$Today = Get-Date
      
      #Mail Settings
      
          $SMTPserver = "mail.yourdomain.com"
          $from = "youraccount@yourdomain.com"
          $to = "youraccount@yourdomain.com"
      
      #Report Settings
      
          $subject = "Disabled AD computer accounts " +"$Today"
          $body = "Attached is the Report of all AD computer accounts that were disabled on: " +"$Today" 
          $Attachment="C:\Scripts\Reports\Disabled AD computer accounts.txt"
      	
      
      #Delete Old Report
      
      If ((test-path $Attachment) -eq $True) {
      Remove-Item $Attachment -Force
      }
      
      #Generate Report
      
      Get-QADComputer -InactiveFor $NumOfDaysInactiveFor -SizeLimit 0 -SearchRoot $searchOU -IncludedProperties ParentContainerDN | Sort Name | Select Name | Out-File "C:\Scripts\Reports\Disabled AD computer accounts.txt"
      
      #Disable Accounts - Label Accounts - Move Accounts
      
      Get-QADComputer -InactiveFor $NumOfDaysInactiveFor -SizeLimit 0 -SearchRoot $searchOU -IncludedProperties ParentContainerDN | foreach { 
      
      	$computer = $_.ComputerName
      	$SourceOU = $_.DN
      	$Description = "Account disabled due to inactivity on $Today - SourceOU was $SourceOu"
      	
      	Set-QADComputer $computer -Description $Description
      
      	Disable-QADComputer $computer
      
          Move-QADObject $computer -NewParentContainer $destinationOU 
      }
      
       # Send Email Report
       
        If ((Get-Content $Attachment) -gt $Null) {
          Send-MailMessage -From $from -To $to -SmtpServer $SMTPserver -Subject $subject -Body $Body  -Attachments $Attachment
      }
    • Scripting is not my favourite exercise and there might be a better/prettier way of doing this but maybe it helps somebody else as well.
      I had some additional requirements but it is based on your code; I thought it would be nice to feed it back into the community ;-) Thanks a lot for your script.
    • Hi,
      
      I'm getting the below error, please help:
      File C:\Scripts\Move_disable_emails.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at 
      http://go.microsoft.com/fwlink/?LinkID=135170.
          + CategoryInfo          : SecurityError: (:) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : UnauthorizedAccess
  • Syntax Error
    1 Posts | Last post May 04, 2017
    • Hi Denis, 
      
      I have modded the script with my following details:
      
      
      #Specify the OU you want to search for inactive accounts
      	$SearchOU="ou=OU Div. Hardware,ou=OU WWF Computers,ou= OU WWF,DC=wwf,DC=de"
      #Specify the OU you want to move your inactive computer accounts to
      	$DestinationOU="ou=OU Deaktiviert,ou=alte Rechner,DC=wwf,DC=de"
      #Specify the number of days that computers have been inactive for
      	$NumOfDaysInactiveFor = 1500
      #Specify the description to set on the computer account
      	$Today = Get-Date	
      	$Description = "Account disabled due to inactivity on $Today"
      #DO NOT MODIFY BELOW THIS LINE
      Get-ADComputer -InactiveFor $NumOfDaysInactiveFor -SizeLimit 0 -SearchRoot $searchOU -IncludedProperties ParentContainerDN | foreach { 
      	$computer = $_.ComputerName
      	$SourceOU = $_.DN
      	#Remove the commented # from the next line if you want to set the description to be the source OU
      	#$Description = "SourceOU was $SourceOu"
      	Set-QADComputer -Description $Desciption
      	Disable-QADComputer $computer
      	Move-QADObject $computer -NewParentContainer $destinationOU 
      }
      
      
      But I get an error when I run the script:
      
      Get-ADComputer : Es wurde kein Parameter gefunden, der dem Parameternamen "InactiveFor" entspricht.
      In C:\batch\Move and disable inactive computer accounts_mod.ps1:21 Zeichen:16
      + Get-ADComputer -InactiveFor $NumOfDaysInactiveFor -SizeLimit 0 -Searc ...
      +                ~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [Get-ADComputer], ParameterBindingException
          + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
      
      Do you have any idea? 
      
      Thanks for your assistance. 
      
      Cheers
  • Can I use the same script for moving inactive users to another OU
    1 Posts | Last post February 17, 2017
    • I need to move inactive users to another OU and to disable them. Can I get the modified script to perform the task.
  • Syntax for -Inactive
    1 Posts | Last post February 14, 2017
    • Get-ADComputer -InactiveFor $NumOfDaysInactiveFor -SizeLimit 0 -SearchRoot $sear ...
      +                ~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [Get-ADComputer], ParameterBindingException
          + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
      
      Powershell isn't recognizing "-InactiveFor" is there a more current syntax for this?
      
      Thanks
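
Several posts above ask for a version without the Quest cmdlets and report that Get-ADComputer rejects -InactiveFor. The following is an added example, not the original author's script or any poster's code: it uses only the Microsoft ActiveDirectory module, stages accounts by age, skips server operating systems and appends each action to a log. The OU paths, day thresholds, log path and the $DryRun switch are assumptions to adjust.

```powershell
# Added example: native ActiveDirectory module (RSAT), no Quest snap-in required.
# All values below are placeholders, not settings taken from the original script.
Import-Module ActiveDirectory -ErrorAction Stop

$SearchOU      = "OU=yourOU,DC=yourdomain,DC=com"
$DestinationOU = "OU=Disabled Computers,DC=yourdomain,DC=com"
$DisableAfter  = 30     # days inactive: disable, leave in place
$MoveAfter     = 60     # days inactive: also move to $DestinationOU
$LogFile       = "C:\Scripts\Reports\Inactive computers.csv"
$DryRun        = $true  # $true = -WhatIf only; set $false after reviewing the log

$Today = Get-Date

# Get-ADComputer has no -InactiveFor. LastLogonDate is derived from the replicated
# lastLogonTimestamp attribute, which can lag real logons by up to about 14 days,
# so thresholds much shorter than that are unreliable.
$Candidates = Get-ADComputer -Filter * -SearchBase $SearchOU `
                  -Properties LastLogonDate, OperatingSystem, whenCreated |
    Where-Object {
        $_.OperatingSystem   -notlike "*Server*" -and     # exclude server OS
        $_.DistinguishedName -notlike "*,$DestinationOU"  # skip already-moved accounts
    }
# To target a single client OS instead, filter on: $_.OperatingSystem -like "Windows 7*"

foreach ($c in $Candidates) {
    # Accounts that never logged on are aged from their creation date.
    $last = if ($c.LastLogonDate) { $c.LastLogonDate } else { $c.whenCreated }
    $idle = [int]($Today - $last).TotalDays
    if ($idle -lt $DisableAfter) { continue }

    $actions = @()
    if ($c.Enabled) {
        $desc = "Account disabled due to inactivity on $Today - source DN was $($c.DistinguishedName)"
        Set-ADComputer    -Identity $c -Description $desc -WhatIf:$DryRun
        Disable-ADAccount -Identity $c -WhatIf:$DryRun
        $actions += "Disabled"
    }
    if ($idle -ge $MoveAfter) {
        # Move last so the DN used by the earlier steps is still valid.
        Move-ADObject -Identity $c -TargetPath $DestinationOU -WhatIf:$DryRun
        $actions += "Moved"
    }
    if ($actions.Count -eq 0) { continue }

    [pscustomobject]@{
        Date = $Today; Name = $c.Name; OS = $c.OperatingSystem
        LastSeen = $last; DaysIdle = $idle; Action = ($actions -join "+"); DryRun = $DryRun
    } | Export-Csv -Path $LogFile -Append -NoTypeInformation   # -Append needs PowerShell 3.0+
}
```

Run it with $DryRun left at $true first and review the CSV; deletion after a further period is deliberately left out so that a wrongly flagged machine can be recovered by re-enabling and moving it back.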