Feb
20
2013

Move inactive computer objects

Needed to do some AD cleaning; and obviously Powershell is the way to go. Did some digging around the web and found misc ways to do it; but ended up with this script:

$time=[DateTime]::Now.AddDays(-90)

$targetOU=(distinguished name for OU)

$oldcomputers = Get-ADComputer -Filter * -Properties lastlogontimestamp,objectguid | where {(([DateTime]::FromFileTime($_.lastlogontimestamp) – ([system.datetime]$time)).totaldays) -lt 0 }

$oldcomputers | foreach {Move-ADObject -identity $_.objectguid -TargetPath $targetOU}

I had some initial troubles, since I tried using distinguishedname, which gave me all sorts of access denied messages for some reason. But using the objectguid works like a charm.

 

Now obviously we could automate this further, but I find that the disable and /or delete phase is better off done manually (you never know).

Leave a comment

*