Here’s a quick and dirty script to move old computers in AD to a OU and also disable them.
These can later be deleted.
$ADComputers = (dsquery computer -inactive 8 -limit 1000)
foreach ($comp in $ADComputers)
$compclean=($comp -replace ‘”‘, ”)
Move-ADObject $compclean -Targetpath “ou=computers,ou=garbage,dc=domain,dc=com”
Here’s a quick break down.
dsquery computer –inactive 8 –limit 1000
This line searches the AD for computers that have not logged in for 8 weeks or more. By default the dsquery will only look for 100 objects so we need to raise the limit.
$comp -replace ‘”‘, ”
Here we are cutting the “ character that dsquery hands the objects names over with. These are located at the start and end.
Disable-ADObject and Move-ADObject are self explanatory.
Not they do have –whatif switches that will help if you want to see whats going to happen.
Append -whatif to the end of the command.
You can save this as a ps1 file or execute it out the PowerShel ISE.