ADUC: Clear 'dead' computers
@dustinb3403 said in ADUC: Clear 'dead' computers:
I use powershell to query for users / computers that haven't been seen for a while, and then I take the list and manually remove the ones I know for certain are gone.
PS would be an excellent tool for this - I'll have to see about building one out unless you care to share. I know I have stall entries.
I don't have the scripts with me (old job) but the command syntax is along these lines.
Get-ADComputer -identity compname -Properties * | FT Name, LastLogonDate
To query the entire domain:
Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize
Get-ADComputer -filter * -properties * | Sort LastLogonDate -Descending | Select Name, LastLogonDate
will sort by date, giving you lonely pcs at bottom of terminal. -
@momurda said in ADUC: Clear 'dead' computers:
Get-ADComputer -filter * -properties * | Sort LastLogonDate -Descending | Select Name, LastLogonDate
We need some tags on this post.
@dashrender said in ADUC: Clear 'dead' computers:
@momurda said in ADUC: Clear 'dead' computers:
Get-ADComputer -filter * -properties * | Sort LastLogonDate -Descending | Select Name, LastLogonDate
We need some tags on this post.
You're it.
I use ADTidy for this -
@jt1001001 Paid or Free?
@wirestyle22 I've been using the free version without issues so far
Another way to do it
Get-ADComputer -Filter {PasswordLastSet -le $lastSetdate} -Properties passwordLastSet -ResultSetSize $null | FT samaccountname,PasswordLastSet
Another example taken from another script:
import-module activedirectory $domain = "" $DaysInactive = 90 $time = (Get-Date).Adddays(-($DaysInactive)) # Get all AD computers with lastLogonTimestamp less than our time Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp | # Output hostname and lastLogonTimestamp into CSV select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv OLD_Computer.csv -notypeinformation