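<##
 Usage   : Run as a standalone scheduled task or manually. Configure the variables in the first section.
 Purpose : Find non-server Windows computer accounts whose LastLogonDate is older than $maxage days,
           email a report of them, and delete them only when $remove is $true.
 Author  : Liam@liveitcg.com
##>
$maxage = 90 ## Maximum days a computer can go without checking in with a domain controller before it is considered stale
$file = 'C:\temp\deletedcomputers.csv' ## temp location for email attachment ; directory must exist
$emailTo = "Your Name <email@domain.com>" ## add multiple quoted entries separated by comma
$mailserver = "outlook.office365.com" ## SMTP relay server
$remove = $false ## set this to $true to delete objects ; set this to $false to just generate an email report

### Don't modify below this line
$daysold = (Get-Date).AddDays(-$maxage)
$blob = "" ## initialised explicitly so the report never inherits a value from the calling session

## One definition of "stale", used for the first query and for every re-check.
## LastLogonDate is the replicated lastLogonTimestamp, which lags real logons (by default up to
## roughly two weeks), so keep $maxage comfortably above that lag.
$staleFilter = { lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*" }
$staleProps = 'lastlogondate', 'operatingsystem', 'canonicalname'

## @() forces an array so .Count is correct for zero or one result.
$oldcomputers = @(Get-ADComputer -Filter $staleFilter -Properties $staleProps | Sort-Object lastlogondate)
$oldcomputers | Select-Object name, LastLogonDate, operatingsystem, canonicalname | Export-Csv -NoTypeInformation -Path $file

if ($remove) {
    ## Only objects in the exported report may ever be deleted. The retries below re-query the
    ## directory, so without this list they could remove accounts that were never reported.
    $targets = @($oldcomputers | ForEach-Object { $_.DistinguishedName })
    $failed = @()

    if ($oldcomputers.Count -gt 0) {
        ## NOTE(review): -Recursive also deletes child objects stored under the computer account
        ## (for example BitLocker recovery information where it is escrowed to AD). Confirm the
        ## AD Recycle Bin is enabled, or disable/move accounts first, before setting $remove.
        ## NOTE(review): there is no upper bound on how many accounts one run may delete; review
        ## the report-only output before enabling removal.
        $pending = $oldcomputers
        $attempt = 0
        ## First pass plus up to 3 retries, with a 3 minute cool off before each re-check.
        do {
            $pending | Remove-ADObject -Recursive -Confirm:$false
            Start-Sleep -Seconds 180
            $pending = @(Get-ADComputer -Filter $staleFilter -Properties $staleProps |
                    Where-Object { $targets -contains $_.DistinguishedName } |
                    Sort-Object lastlogondate)
            $attempt++
        } while ($pending.Count -gt 0 -and $attempt -lt 4)
        $failed = $pending
    }

    ## Report accounts that are still present after all retries
    if ($failed.Count -gt 0) {
        $blob += "There were " + $failed.Count + " accounts that were not removed.`r`n"
        foreach ($computer in $failed) { $blob += $computer.name + "`r`n" }
        $blob += "`r`n"
    }

    ## Report only what was actually removed, not everything that was attempted
    $failedDns = @($failed | ForEach-Object { $_.DistinguishedName })
    $removed = @($oldcomputers | Where-Object { $failedDns -notcontains $_.DistinguishedName })
    $blob += "There were " + $removed.Count + " computers removed.`r`n"
    $blob += "List of computers deleted.`r`n"
    foreach ($computer in $removed) { $blob += $computer.name + "`r`n" }
}
## Build email notification for report only
else {
    $blob += "There are " + $oldcomputers.Count + " stale computers in the domain.`r`n"
    $blob += "List of computers that can be deleted.`r`n"
    foreach ($computer in $oldcomputers) { $blob += $computer.name + "`r`n" }
}

## NOTE(review): no -UseSsl or -Credential is passed, so the report (host names and OU paths)
## is sent however the relay accepts it. Confirm the relay's TLS and authentication requirements.
## Send-MailMessage is also marked obsolete by Microsoft.
try {
    Send-MailMessage -To $emailTo -From "Computer cleanup script <noreply@domain.com>" -Subject "AD Computer desktop cleanup" -SmtpServer $mailserver -Body $blob -Attachments $file -ErrorAction Stop
    ## The CSV is only a mail attachment; remove it once the report has been handed to the relay.
    Remove-Item $file
}
catch {
    ## Keep the CSV when mail fails: it is then the only record of what this run found or deleted.
    Write-Warning ("Report email failed; keeping " + $file + " as the record of this run. " + $_.Exception.Message)
}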