So we all know departments are bad about letting us know when someone has left MSU or
your specific Unit, so that is why I have automated Active Directory cleanup of computers
and users. It is very simple and easy to manage. If you are running a 2k8r2 box in your
environment, that is really the only requirement. You could even do this from a Windows 7
box if you have RSAT and PowerShell installed.
I have attached the 7 lines of code, but note the following:
1) assumes Set-ExecutionPolicy RemoteSigned
2) you have an SMTP box that will allow servers to send mail
3) you change the OU and email address
4) while this is set to computer accounts you can easily change -ComputersOnly to -UsersOnly
5) this is set to search only 1 OU deep (OneLevel), it is up to your situation with nested OUs
6) you could easily remove the lines that account for disabling the Accounts and just get
an email on inactive accounts. (while I only pull Name and lastlogondate, you could add
dept so that you could notify each dept of inactive users).
Finally, you can also add this script to a scheduled task (the automation part) that runs
when you want it.
So there you go, Automated AD cleanup!
Tim Good
Import-Module ActiveDirectory
#Computers Account OU
# Disable computer accounts that have been inactive for 180 days
Search-ADAccount -AccountInactive -SearchBase "OU=ComputerAccounts,DC=(yourdomain),DC=MSU,DC=EDU" -TimeSpan 180.00:00:00 -ComputersOnly | Disable-ADAccount
# Report computer accounts that have been inactive for 90 days
Search-ADAccount -AccountInactive -SearchBase "OU=ComputerAccounts,DC=ISP,DC=MSU,DC=EDU" -TimeSpan 90.00:00:00 -ComputersOnly | Select name, lastlogondate | ft -AutoSize > c:\scripts\Inactive_Computers.txt
# Report disabled computer accounts (one OU level deep), then move the accounts themselves; Format-Table output cannot be piped to Move-ADObject
Search-ADAccount -AccountDisabled -SearchBase "OU=ComputerAccounts,DC=ISP,DC=MSU,DC=EDU" -SearchScope OneLevel -ComputersOnly | Tee-Object -Variable disabled | Select name, lastlogondate | ft -AutoSize > c:\scripts\Disabled_Computers.txt; if ($disabled) { $disabled | Move-ADObject -TargetPath "OU=DisabledAccounts,DC=(yourdomain),DC=MSU,DC=EDU" }
# Mail both reports; the -From and -To addresses are masked in this copy, so supply your own (note 3)
Send-MailMessage -From [log in to unmask] -Subject "Daily Inactive Computers 90days" -To [log in to unmask] -Attachments c:\scripts\Inactive_Computers.txt -body (get-content c:\scripts\Inactive_Computers.txt | out-string) -SmtpServer smpt.yourdomain.msu.edu
Send-MailMessage -From [log in to unmask] -Subject "Daily Disabled Computers" -To [log in to unmask] -Attachments c:\scripts\Disabled_Computers.txt -body (get-content c:\scripts\Disabled_Computers.txt | out-string) -SmtpServer smpt.yourdomain.edu
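
Note 6 above mentions adding the department so each department can be told about its own inactive users. The following is an added example of that report-only variant, not part of the original post or its attached script. The function names, the sample accounts, the 90-day default and the OU path in the commented live call are assumptions made for illustration.

```powershell
# Added example, not from the original post. Sample data below is constructed.
# LastLogonDate is derived from lastLogonTimestamp, which by default can lag the
# real last logon by up to about 14 days, so keep -Days well above that.
function Get-InactiveByDepartment {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Accounts,
        [int] $Days = 90,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$Days)
    # Keep enabled accounts that never logged on or last logged on before the
    # cutoff, then bucket by department; accounts with no department get their
    # own bucket so nothing is silently dropped from the report.
    $Accounts |
        Where-Object { $_.Enabled -and (-not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff) } |
        Group-Object { if ($_.Department) { $_.Department } else { '(no department)' } } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Department = $_.Name
                Count      = $_.Count
                Report     = ($_.Group | Sort-Object LastLogonDate |
                              Format-Table Name, LastLogonDate -AutoSize | Out-String)
            }
        }
}

# Constructed sample accounts so the grouping can be tried without a domain
function New-SampleUser($Name, $Department, $Enabled, $LastLogonDate) {
    New-Object PSObject -Property @{
        Name = $Name; Department = $Department
        Enabled = $Enabled; LastLogonDate = $LastLogonDate
    }
}
$now = Get-Date '2024-06-01'
$sample = @(
    (New-SampleUser 'asmith' 'Physics'   $true  $now.AddDays(-200)),
    (New-SampleUser 'bjones' 'Physics'   $true  $now.AddDays(-10)),   # active, skipped
    (New-SampleUser 'clee'   'Chemistry' $true  $null),               # never logged on
    (New-SampleUser 'dkim'   $null       $true  $now.AddDays(-120)),  # no department
    (New-SampleUser 'epatel' 'Chemistry' $false $now.AddDays(-400))   # already disabled
)
Get-InactiveByDepartment -Accounts $sample -Now $now |
    ForEach-Object { "== $($_.Department) ($($_.Count)) =="; $_.Report }

# Live use (needs the ActiveDirectory module; the OU below is a placeholder):
# $live = Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly `
#             -SearchBase 'OU=UserAccounts,DC=(yourdomain),DC=MSU,DC=EDU' |
#         Get-ADUser -Properties Department, LastLogonDate
# Get-InactiveByDepartment -Accounts $live
```

Each returned object carries one department's table in its Report property, which can be passed as the -Body of a Send-MailMessage call addressed to that department's contact.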