PureGremlin

Remove AD computers

Dec 29th, 2021
  1. <##
  2. Usage : This script can be run as a standalone task on a schedule or called manually, using the set variables in the first section
  3. Purpose : Find all non-server Windows computer accounts in the domain that have not communicated with a domain controller and remove them.
  4. Author : Liam@liveitcg.com
  5. ##>
  6. $maxage = 90   ## Maximum days a computer can not check in with a domain controller before it is considered stale and deleted
  7. $file = 'C:\temp\deletedcomputers.csv'  ## temp location for email attachment ; directory must exist
  8. $emailTo = "Your Name <email@domain.com>" ## add multiple quoted entries separated by comma
  9. $mailserver = "outlook.office365.com"  ## SMTP relay server
  10. $remove = $false ## set this to $true to delete objects ; set this to $false to just generate an email report
  11.  
  12.  
  13. ### Don't modify below this line
  14. $daysold = (get-date).adddays(-$maxage)
  15. ## Query for computers that have not logged in
  16. $oldcomputers=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"}  -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate
  17. $oldcomputers | select name, LastLogonDate, operatingsystem, canonicalname |export-csv -NoTypeInformation -Path $file
  18.  
  19. if ($remove) {
  20. ## Purge computers
  21. $oldcomputers| Remove-ADObject -Recursive -Confirm:$false
  22. ## Re-Query to find any computers that were not removed after 3 min cool off
  23. Sleep -seconds 180
  24. $failed=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"}  -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate
  25.  
  26. ## Retry loop if there are any objects found that should have been removed.
  27. ## Retry 3 times ; 3 minute cool off interval
  28. $i=0;   while ($failed.length -gt 0 -and $i -lt 3) {
  29.         $failed | Remove-ADObject -Recursive -Confirm:$false
  30.         sleep -seconds 180
  31.         $failed=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"}  -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate
  32.         $i++
  33.     }
  34. ## Report if query still finds objects that were not removed
  35. if ($failed.length -gt 0) {$blob += "There were "+($failed.length)+" accounts that were not removed." ; $failed.name |%{$blob+=$_;$blob+="`r`n"}; $blob += "`r`n"}
  36.  
  37. ##  Build email notification body
  38. $blob += "There were "+($oldcomputers.length)+" computers removed.`r`n"
  39. $blob += "List of computers deleted.`r`n"
  40. $oldcomputers.name |%{$blob+=$_;$blob+="`r`n"}
  41.     }
  42. ##  Build email notification for report only
  43. else {
  44. $blob += "There are "+($oldcomputers.length)+" stale computers in the domain.`r`n"
  45. $blob += "List of computers that can be deleted.`r`n"
  46. $oldcomputers.name |%{$blob+=$_;$blob+="`r`n"}
  47. }
  48. Send-MailMessage -To $emailTo -From "Computer cleanup script <noreply@domain.com>" -Subject "AD Computer desktop cleanup" -SmtpServer $mailserver -Body $blob -Attachments $file
  49.  
  50. remove-item $file