- I wrote this, which we use atm
# Directory that receives the CSV audit log (placeholder - set this before running).
$logpath = 'fil in directory path'

# In-memory audit records; one entry is added per processed object and the
# whole list is exported to CSV at the end of the script.
$logfile = New-Object -TypeName 'System.Collections.Generic.List[Psobject]'

# Inactivity threshold, in months relative to the current date (negative = in the past).
$Months = -12

# SamAccountNames that must never be disabled by this script.
# NOTE(review): this list is the only safeguard for user accounts - make sure
# service accounts and emergency/break-glass accounts inside the searched OUs
# are listed here.
$ExcludedUsers = @('user1', 'user2')

# Search bases; each OU is searched for both user and computer accounts.
$OUs = @(
    'OU=users,DC=test,DC=com',
    'OU=computers,DC=test,DC=com'
)
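# Query every configured OU (subtree scope) for user and computer accounts.
# Only LastLogonDate is requested on top of the default property set: the rest
# of the script reads Enabled, SamAccountName and Name, which the AD cmdlets
# return by default. The previous -Properties * pulled every attribute of every
# object, which is slow and reads far more directory data than the task needs.
$AdUsers = $OUs | ForEach-Object {
    Get-ADUser -Filter * -SearchScope Subtree -Properties LastLogonDate -SearchBase $_
}
$AdComputers = $OUs | ForEach-Object {
    Get-ADComputer -Filter * -SearchScope Subtree -Properties LastLogonDate -SearchBase $_
}

# Compute the cutoff once so users and computers are judged against the same instant.
$InactiveCutoff = (Get-Date).AddMonths($Months)

# Keep only accounts that are still ENABLED and whose last logon is older than the cutoff.
# A $null LastLogonDate also compares as "less than" the cutoff, so accounts that never
# logged on pass this filter; the script drops them in the next step.
# NOTE(review): LastLogonDate is derived from the replicated lastLogonTimestamp
# attribute, which AD only refreshes lazily (by default when the stored value is
# roughly 9-14 days old). That lag is harmless for a 12-month threshold but matters
# if $Months is ever reduced to a few weeks.
$AdUsers = $AdUsers | Where-Object {
    $_.LastLogonDate -lt $InactiveCutoff -and $_.Enabled -eq $true
}
$AdComputers = $AdComputers | Where-Object {
    $_.LastLogonDate -lt $InactiveCutoff -and $_.Enabled -eq $true
}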
# Build the list of users to act on: skip accounts that have never logged on
# (no LastLogonDate) and any account named in $ExcludedUsers.
$InActiveUsers = New-Object -TypeName 'System.Collections.Generic.List[Microsoft.ActiveDirectory.Management.ADAccount]'
foreach ($candidate in $AdUsers) {
    if ($null -eq $candidate.LastLogonDate) { continue }
    if ($ExcludedUsers -contains $candidate.SamAccountName) { continue }
    $InActiveUsers.Add($candidate)
}

# Build the list of computers to act on: skip machines without a LastLogonDate.
# NOTE(review): unlike users, computers have no exclusion list here - confirm
# that every machine in the searched OUs may safely be disabled.
$InActiveComputers = New-Object -TypeName 'System.Collections.Generic.List[Microsoft.ActiveDirectory.Management.ADAccount]'
foreach ($candidate in $AdComputers) {
    if ($null -eq $candidate.LastLogonDate) { continue }
    $InActiveComputers.Add($candidate)
}
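# Disables one AD account, moves it to the given OU and appends an audit record
# to the script-level $logfile list.
#   AdObject   - the user or computer object to process
#   TargetPath - distinguished name of the OU the object is moved to
#   Type       - value written to the 'Type' column of the log ('User' / 'Computer')
# An object is logged only if Disable-ADAccount actually succeeded, so the CSV
# never claims an account was disabled when the call failed.
function Disable-InactiveAdObject {
    param(
        $AdObject,
        [string]$TargetPath,
        [string]$Type
    )

    try {
        # -ErrorAction Stop turns non-terminating AD errors into exceptions we can catch.
        $AdObject | Disable-ADAccount -Confirm:$false -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not disable $Type '$($AdObject.SamAccountName)': $($_.Exception.Message)"
        return
    }

    try {
        $AdObject | Move-ADObject -TargetPath $TargetPath -ErrorAction Stop
    }
    catch {
        # The account IS disabled at this point, so it is still logged below;
        # the warning tells the operator it was left in its original OU.
        Write-Warning "Disabled $Type '$($AdObject.SamAccountName)' but could not move it to '$TargetPath': $($_.Exception.Message)"
    }

    # Audit record. Column names (including the 'SamaAccountName' spelling) are kept
    # as they were so that appending to an existing LogADObj.csv keeps working.
    $hash = @{
        # HH:mm:ss = 24-hour clock with minutes; the earlier "hh:MM:ss" wrote the
        # month number in the minutes position and a 12-hour value without AM/PM.
        'Disabled Date'   = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss")
        'LastLogonDate'   = $AdObject.LastLogonDate
        'SamaAccountName' = $AdObject.SamAccountName
        'Name'            = $AdObject.Name
        'Type'            = $Type
    }
    $logfile.Add((New-Object -TypeName Psobject -Property $hash))
}

# Deactivate and move the inactive objects. Fill in your own target OUs.
foreach ($user in $InActiveUsers) {
    Disable-InactiveAdObject -AdObject $user -TargetPath "OU=Disabled Users,OU=Disabled Items,DC=test,DC=com" -Type 'User'
}
foreach ($computer in $InActiveComputers) {
    Disable-InactiveAdObject -AdObject $computer -TargetPath "OU=Disabled Computers,OU=Disabled Items,DC=test,DC=com" -Type 'Computer'
}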
# Append this run's audit records to the CSV log in a fixed column order.
# NOTE(review): the file lists account names and logon dates - keep $logpath
# in a location only administrators can read or modify.
$csvColumns = 'Disabled Date', 'LastLogonDate', 'SamaAccountName', 'Name', 'type'
$exportArgs = @{
    LiteralPath       = "$logpath\LogADObj.csv"
    Delimiter         = ';'
    NoTypeInformation = $true
    Append            = $true
    Force             = $true
}
$logfile | Select-Object -Property $csvColumns | Export-Csv @exportArgs