View difference between Paste ID: CSiWcj10 and EM7kiMYy
1-
$daysold = (get-date).adddays(-90)
1+
<## 
2-
$file = 'C:\temp\deletedcomputers.csv'
2+
Usage : This script can be run as a standalone task on a schedule or called manually, using the set variables in the first section
3-
$emailTo = "Liam <liam.mogayzel@omnihotels.com>","Ray Azim <razim@omnihotels.com>","Dahl Spalding <dspalding@omnihotels.com>"
3+
Purpose : Find all non-server Windows computer accounts in the domain that have not communicated with a domain controller and remove them. 
4-
#$emailTo = "Liam <liam.mogayzel@omnihotels.com>"
4+
Author : Liam@liveitcg.com
5
##>
6
$maxage = 90   ## Maximum days a computer can not check in with a domain controller before it is considered stale and deleted
7
$file = 'C:\temp\deletedcomputers.csv'  ## temp location for email attachment ; directory must exist
8
$emailTo = "Your Name <email@domain.com>" ## add multiple quoted entries separated by comma
9
$mailserver = "outlook.office365.com"  ## SMTP relay server
10
$remove = $false ## set this to $true to delete objects ; set this to $false to just generate an email report
11
12
13
### Don't modify below this line
14
$daysold = (get-date).adddays(-$maxage)
15
## Query for computers that have not logged in
16
$oldcomputers=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"}  -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate
17
$oldcomputers | select name, LastLogonDate, operatingsystem, canonicalname |export-csv -NoTypeInformation -Path $file 
18
19
if ($remove) {
20
## Purge computers
21
$oldcomputers| Remove-ADObject -Recursive -Confirm:$false
22
## Re-Query to find any computers that were not removed after 3 min cool off
23
Sleep -seconds 180
24
$failed=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"}  -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate
25
26
## Retry loop if there are any objects found that should have been removed. 
27
## Retry 3 times ; 3 minute cool off interval
28-
##
28+
29
		$failed | Remove-ADObject -Recursive -Confirm:$false
30
		sleep -seconds 180
31
		$failed=Get-ADComputer -Filter {lastlogondate -lt $daysold -and operatingsystem -like "Windows*" -and operatingsystem -notlike "*Server*"}  -Properties lastlogondate,operatingsystem,canonicalname |sort lastlogondate
32-
Send-MailMessage -To $emailTo -From "Computer cleanup script <noreply@omnihotels.com>" -Subject "AD Computer desktop cleanup" -SmtpServer mail.omnihotels.com -Body $blob -Attachments $file
32+
33
	}
34
## Report if query still finds objects that were not removed
35
if ($failed.length -gt 0) {$blob += "There were "+($failed.length)+" accounts that were not removed." ; $failed.name |%{$blob+=$_;$blob+="`r`n"}; $blob += "`r`n"}
36
37
##	Build email notification body
38
$blob += "There were "+($oldcomputers.length)+" computers removed.`r`n"
39
$blob += "List of computers deleted.`r`n"
40
$oldcomputers.name |%{$blob+=$_;$blob+="`r`n"}
41
	}
42
##	Build email notification for report only
43
else { 
44
$blob += "There are "+($oldcomputers.length)+" stale computers in the domain.`r`n"
45
$blob += "List of computers that can be deleted.`r`n"
46
$oldcomputers.name |%{$blob+=$_;$blob+="`r`n"}
47
}
48
Send-MailMessage -To $emailTo -From "Computer cleanup script <noreply@domain.com>" -Subject "AD Computer desktop cleanup" -SmtpServer $mailserver -Body $blob -Attachments $file
49
50
remove-item $file
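Review bot: The purge at new line 21, `$oldcomputers| Remove-ADObject -Recursive -Confirm:$false`, deletes every match in a single unattended step, and nothing here limits the query to a `-SearchBase` or excludes accounts that must be kept. `-Recursive` also removes each computer's child objects, which would include BitLocker recovery information if this domain stores it in AD, so a laptop that has simply been offline for more than `$maxage` days could lose its recovery key. A staged cleanup is safer: have this run do `$oldcomputers | Disable-ADAccount` and move the objects to a quarantine OU, then delete only what is still disabled there on a later run. The body at new line 38 also reports `$oldcomputers.length` computers as removed even when `$failed` is non-empty, so the count should subtract the failures. New lines 28 and 32 show no text on this page, so the header of the retry loop closed at new line 33 could not be reviewed.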