Find, disable and move inactive computer accounts

Posted by

If you ever find yourself needing to tidy up old inactive computer accounts from active directory you can accomplish this task fairly easily using powershell.

We use the Quest powershell comandlets which can be downloaded for free from http://www.quest.com/powershell/activeroles-server.aspx

Then use this script below, you can change the source and destination OU path using the OU Distinguished name. Also specify the number of days that computers need have been inactive for, i’d suggest 60.

The script will then run through and disable all inactive computer accounts and move them to the destination OU.

#Specify the OU you want to search for inactive accounts
$SearchOU=ou=AllComputers,DC=Domain,DC=Com
#Specify the OU you want to move your inactive computer accounts to
$DestinationOU=ou=DisabledComputers,DC=Domain,DC=Com
#Specify the number of days that computers have been inactive for
$NumOfDaysInactiveFor=60
#DO NOT MODIFY BELOW THIS LINE
GetQADComputer InactiveFor $NumOfDaysInactiveForSizeLimit 0SearchRoot $searchOU | foreach {
DisableQADComputer $_.computername
MoveQADObject $_.computername NewParentContainer $destinationOU }