ADUC: Clear 'dead' computers

gjacobse

Some of this is partly a process issue, one that can be easily corrected.

However, when a computer is retired, recycled or refreshed is there a process that could be run against ADUC to remove computers that are no longer attached to AD? Or is it really a matter of knowing what systems are gone and deleting them manually?

DustinB3403

I use powershell to query for users / computers that haven't been seen for a while, and then I take the list and manually remove the ones I know for certain are gone.

gjacobse

@dustinb3403 said in ADUC: Clear 'dead' computers:

I use powershell to query for users / computers that haven't been seen for a while, and then I take the list and manually remove the ones I know for certain are gone.

PS would be an excellent tool for this - I'll have to see about building one out unless you care to share. I know I have stall entries.

DustinB3403

I don't have the scripts with me (old job) but the command syntax is along these lines.

Get-ADComputer -identity compname -Properties * | FT Name, LastLogonDate

DustinB3403

To query the entire domain:

Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize

momurda

Get-ADComputer -filter * -properties * | Sort LastLogonDate -Descending | Select Name, LastLogonDate
will sort by date, giving you lonely pcs at bottom of terminal.

Dashrender

@momurda said in ADUC: Clear 'dead' computers:

Get-ADComputer -filter * -properties * | Sort LastLogonDate -Descending | Select Name, LastLogonDate

We need some tags on this post.

gjacobse

@dashrender said in ADUC: Clear 'dead' computers:

@momurda said in ADUC: Clear 'dead' computers:

Get-ADComputer -filter * -properties * | Sort LastLogonDate -Descending | Select Name, LastLogonDate

We need some tags on this post.

You're it.

jt1001001

I use ADTidy for this
http://www.cjwdev.com/Software/ADTidy/Info.html

wirestyle22

@jt1001001 Paid or Free?

jt1001001

@wirestyle22 I've been using the free version without issues so far

dbeato

Another way to do it

Get-ADComputer -Filter {PasswordLastSet -le $lastSetdate} -Properties passwordLastSet -ResultSetSize $null | FT samaccountname,PasswordLastSet

dbeato

Another example taken from another script:

import-module activedirectory  
$domain = "domain.mydom.com"  
$DaysInactive = 90  
$time = (Get-Date).Adddays(-($DaysInactive)) 
  
# Get all AD computers with lastLogonTimestamp less than our time 
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp | 
  
# Output hostname and lastLogonTimestamp into CSV 
select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv OLD_Computer.csv -notypeinformation