import-module activedirectory
$DaysInactive = 90
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp |
select-object Name,#{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv C:\users\user\desktop\OLD_Computer.csv
-notypeinformation
This is the script I am trying to run to clean up some stale objects within Active Directory. I am tracking down computer objects that have not been logged into in the last 90 days or longer. This script works fine, but now I need to run it against a specific OU, I know I need to put a searchbase somewhere - but I am unsure where it needs to be placed.
-SearchBase ou=workstations,dc=,dc=
Thanks in advance for all your help, you guys are always great.
thanks for taking the time to respond, sorry for the people that got upset over this question. I was missing the quotes around my parameter - it works now.
Related
Having an bit of an issue with my Powershell script. I'm currently running this below -
Get-ADComputer -Filter * -Properties * | FT Name,OperatingSystem, LastLogonDate -AutoSize
Which lists Computers and operating systems in my Active Directory.
I want to fill this variable $Computers with the Computer names discovered in my command above.
Anyone got any idea how I do this?
$computers = (Get-ADComputer -Filter *).Name
should do the trick. At least it seems to work with a list of file names as in:
$filenames = (ls).Name
Trying to make a PS script that finds and deletes expired accounts in specific OUs
I've created this script, and it gets the users that is expired in the 4 OUs, so far so good, but I cant get my head around how to make it delete the users.
$OUs=
"OU=1,OU=Users,DC=Test,DC=local",
"OU=2,OU=Users,DC=Test,DC=local",
"OU=3,OU=Users,DC=Test,DC=local",
"OU=4,OU=Users,DC=Test,DC=local"
Foreach($OU in $OUs){
Search-ADAccount -AccountExpired -Searchbase $OU | Select-Object Name
}
Anybody that got a solution for this? :)
This works on my machine
Foreach($OU in $OUs){
Search-ADAccount -AccountExpired -Searchbase $OU | Remove-ADObject -Confirm:$false
}
I'm having the hardest time getting the following output from powershell. The console just stops at the blinking cursor like the command is running, but I wait 20 min or so, and I still have no output, both in the powershell console, as well as when I try to export as a csv. I'm using the following command:
Search-ADAccount -AccountExpiring -DateTime "01/29/2017" | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A | Export-Csv C:\temp
Could someone help? I've scoured the internet to no avail.
You are using format-table inappropriately. Don't use any Format-* cmdlets if you need to process the data after that point - formatting makes that impossible. Always save formatting for the very end, and only for user presentation.
Also, you're going to end up with a file in your C:\ root directory named temp that's not entirely usable as a CSV file, at least from Excel and other readers, because additional information is going to be inserted by Export-CSV. This will be eliminated by the -notypeinformation switch.
Additionally, you can speed this up by specifying the -UsersOnly switch for Search-ADAccount and skipping the where-object loop - the pipeline is really useful, but constructs like this can slow it down. Filter your data as far to the left as possible, and if you can do it inside a cmdlet that offers a filter, do it there.
Corrected script which should work as you expect:
Search-ADAccount -AccountExpiring -DateTime "01/29/2017" -UsersOnly | select-object -Property Name,ObjectClass | Export-Csv C:\temp\expiring.csv -NoTypeInformation;
Forgive me if this isn't perfect code, but this script will get you accounts expiring within the next 7 days. You can change the $DaysAhead variable to alter the time frame.
$maxPwdAge=(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days;
$daysAhead = 7;
$dateMin=(get-date).AddDays(-$maxPwdAge);
$dateMax=$DateMin.AddDays($daysAhead);
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and PasswordLastSet -gt 0} –Properties * | where {($_.PasswordLastSet) -ge $dateMin} |where {($_.PasswordLastSet) -le $dateMax} | select CN,EmailAddress,passwordLastSet | Format-Table;
I am using the powershell command below to get a list of computers that havent been logged into in the past 60 days. This is returning all OU computers. Is it possible to change the line below to return from a certain OU?
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $then} | FT Name,lastLogonDate
From the online help page try using -SearchBase filter
C:\PS>Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC=Fabrikam,DC=com"
I'm trying to write a single command in PS which lets me the AD account for all lync enabled users by samaccountname
I tried this:
get-csuser | where {$_.Enabled -eq $True -and $_.SipAddress -ne $null} | foreach-object {get-aduser -filter {samaccountname -eq $_.samaccountname}}
This however doesn't work
I know I can do this with a simple script, but the reason I need to do this on the command line is that I am using C# to invoke the above, and I don't want to create 2 powershell objects (for performance reason), so I would like to run the entire command in one powershell unit.
Any ideas how should I fix the above script?
Thanks in advance
Right, here I am answering my own question again (rather than deleting my post, incase it helps someone in the future).
It seems the property name is case-sensitive, so I need to replace:
$_.samaacountname
with
$_.SamAccountName
works like a charm after that
get-csuser | select samaccountname