1 | - | $daysold = (get-date).adddays(-90) |
1 | + | <## |
2 | - | $file = 'C:\temp\deletedcomputers.csv' |
2 | + | Usage : This script can be run as a standalone task on a schedule or called manually, using the set variables in the first section |
3 | - | $emailTo = "Liam <liam.mogayzel@omnihotels.com>","Ray Azim <razim@omnihotels.com>","Dahl Spalding <dspalding@omnihotels.com>" |
3 | + | Purpose : Find all non-server Windows computer accounts in the domain that have not communicated with a domain controller and remove them. |
4 | - | #$emailTo = "Liam <liam.mogayzel@omnihotels.com>" |
4 | + | Author : Liam@liveitcg.com |
5 | ##> | |
6 | $maxage = 90 ## Maximum days a computer can not check in with a domain controller before it is considered stale and deleted | |
7 | $file = 'C:\temp\deletedcomputers.csv' ## temp location for email attachment ; directory must exist | |
8 | $emailTo = "Your Name <email@domain.com>" ## add multiple quoted entries separated by comma | |
9 | $mailserver = "outlook.office365.com" ## SMTP relay server | |
10 | $remove = $false ## set this to $true to delete objects ; set this to $false to just generate an email report | |
11 | ||
12 | ||
13 | ### Don't modify below this line | |
14 | $daysold = (get-date).adddays(-$maxage) | |
15 | ## Query for computers that have not logged in | |
16 | $oldcomputers=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"} -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate | |
17 | $oldcomputers | select name, LastLogonDate, operatingsystem, canonicalname |export-csv -NoTypeInformation -Path $file | |
18 | ||
19 | if ($remove) { | |
20 | ## Purge computers | |
21 | $oldcomputers| Remove-ADObject -Recursive -Confirm:$false | |
22 | ## Re-Query to find any computers that were not removed after 3 min cool off | |
23 | Sleep -seconds 180 | |
24 | $failed=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"} -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate | |
25 | ||
26 | ## Retry loop if there are any objects found that should have been removed. | |
27 | ## Retry 3 times ; 3 minute cool off interval | |
28 | - | ## |
28 | + | |
29 | $failed | Remove-ADObject -Recursive -Confirm:$false | |
30 | sleep -seconds 180 | |
31 | $failed=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"} -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate | |
32 | - | Send-MailMessage -To $emailTo -From "Computer cleanup script <noreply@omnihotels.com>" -Subject "AD Computer desktop cleanup" -SmtpServer mail.omnihotels.com -Body $blob -Attachments $file |
32 | + | |
33 | } | |
34 | ## Report if query still finds objects that were not removed | |
35 | if ($failed.length -gt 0) {$blob += "There were "+($failed.length)+" accounts that were not removed." ; $failed.name |%{$blob+=$_;$blob+="`r`n"}; $blob += "`r`n"} | |
36 | ||
37 | ## Build email notification body | |
38 | $blob += "There were "+($oldcomputers.length)+" computers removed.`r`n" | |
39 | $blob += "List of computers deleted.`r`n" | |
40 | $oldcomputers.name |%{$blob+=$_;$blob+="`r`n"} | |
41 | } | |
42 | ## Build email notification for report only | |
43 | else { | |
44 | $blob += "There are "+($oldcomputers.length)+" stale computers in the domain.`r`n" | |
45 | $blob += "List of computers that can be deleted.`r`n" | |
46 | $oldcomputers.name |%{$blob+=$_;$blob+="`r`n"} | |
47 | } | |
48 | Send-MailMessage -To $emailTo -From "Computer cleanup script <noreply@domain.com>" -Subject "AD Computer desktop cleanup" -SmtpServer $mailserver -Body $blob -Attachments $file | |
49 | ||
50 | remove-item $file |
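Review bot: The purge at new line 21, `$oldcomputers| Remove-ADObject -Recursive -Confirm:$false`, deletes every match in one unattended pass with no upper bound on the count and no recoverable intermediate state, and `-Recursive` also removes any child objects stored under the computer account (BitLocker recovery information lives there when it is escrowed to AD). A staged approach is safer for a scheduled task: disable first, e.g. `$oldcomputers | Disable-ADAccount`, and delete only accounts that have stayed disabled for a further grace period, after confirming the AD Recycle Bin is enabled. A guard before the purge such as `if (@($oldcomputers).Count -gt $maxdelete) { throw "stale count exceeds limit" }` would stop a bad query or a wrong system clock from removing a large share of workstation accounts; `$maxdelete` is a new setting suggested here, not one the script defines. Separately, the body built at new line 38 reports `$oldcomputers.length` as removed even when `$failed` is non-empty, and `remove-item $file` at new line 50 discards the only on-disk record of what was deleted, so keeping the CSV in a dated, access-controlled path would preserve an audit trail.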