Move inactive computer objects

Needed to do some AD cleaning; and obviously Powershell is the way to go. Did some digging around the web and found misc ways to do it; but ended up with this script:


$targetOU=(distinguished name for OU)

$oldcomputers = Get-ADComputer -Filter * -Properties lastlogontimestamp,objectguid | where {(([DateTime]::FromFileTime($_.lastlogontimestamp) – ([system.datetime]$time)).totaldays) -lt 0 }

$oldcomputers | foreach {Move-ADObject -identity $_.objectguid -TargetPath $targetOU}

I had some initial troubles, since I tried using distinguishedname, which gave me all sorts of access denied messages for some reason. But using the objectguid works like a charm.


Now obviously we could automate this further, but I find that the disable and /or delete phase is better off done manually (you never know).

Leave a comment