 Â
Â
I am trying to find all the inactive computer accounts in the domain. I am making a point of using PowerShell to accomplish this so I can reuse the code and I figure that I will need to learn some pretty nifty skills to accomplish this.
I am currently running this:
get-qadcomputer -sizelimit 0 -IncludedProperties CN, pwdLastSet -serialize | out-file -filepath c:\temp\computers.txt
It’s returning data in the file similar to this:
S32290 128302946226556907
S32392 128270809929026321
S32208 128302843049312152
S32234 128301846033287145
C32066 128278608138061460
E21127 128283722764262509
A55393 128297646575514617
S32364 128304029075512257
S55348 128278656649780007
C55636 128284056354353763
 Â
Â
The number listed is the value of pwsLastSet and is described by the Microsoft Scripting Guy
“represents the number of 100 nanosecond intervals since January 1, 1601 (UTC).”
I’m dumping it to a file right now so I can make sure I have the math correct. Eventually we would like to delete any objects that have not been changed in more than 90 days, and accomplish this without dumping anything to a file – just pure PowerShell…
Â
UPDATE
I found another tool – dsquery
It makes trying this in PowerShell rather silly…
Here is the command to remove any computer accounts that have been inactive more than 16 weeks
dsquery computer -inactive 16 -limit 10000 | dsrm -c -noprompt
even better: http://www.joeware.net/freetools/tools/oldcmp/index.htm
As long as you have the Quest AD Cmdlets installed you can do the same in a simple one-liner using Powershell:
get-qadcomputer -IncludeAllProperties | Where-Object { $_.lastlogon -lt (get-date).AddDays(-90) }
Quest AD Cmdlets are free to download from http://www.quest.com/powershell/activeroles-server.aspx
Just found your blog through google, You should check your site in Konquerer browser, it messes up the header