PowerShell – Move/Disable Inactive Computers in AD


This is a PowerShell script I wrote to move/disable inactive computer accounts.

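Download and install Quest ActiveRoles Management Shell, which provides the Quest.ActiveRoles.ADManagement snap-in the script loads. The link below is plain HTTP, so check the installer's digital signature before running it on a machine that holds AD admin rights: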
http://eddiejackson.net/apps/Quest_ActiveRolesManagementShellforActiveDirectoryx64_151.zip

# ---- Settings -------------------------------------------------------------

# Inactivity threshold, in days. Passed to Get-QADComputer -InactiveFor.
$SetInactive = 120

# OU that is searched for inactive computer accounts (placeholder DN - edit).
$SourceOU = 'ou=SEARCHHERE,dc=DOMAIN,dc=com'

# OU that matching accounts are moved into (placeholder DN - edit).
$TargetOU = 'ou=MOVEHERE,dc=DOMAIN,dc=com'

# Report mode switch, given as the string True or False.
#   True  : only list the matching computers; nothing in AD is changed.
#   False : update the description, optionally disable, and move each match.
# Run with True first and review the list before switching to False.
$RunReport = 'True'

# Disable switch, given as the string True or False.
#   True  : also disable each computer account before it is moved.
#   False : move the account but leave it enabled.
$DisableAccount = 'False'



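#-----------------------------------------------
# Lists, or moves and optionally disables, the computer accounts under
# $SourceOU that Get-QADComputer reports as inactive for $SetInactive days.
# Reads $SetInactive, $SourceOU, $TargetOU, $RunReport and $DisableAccount,
# which must be set before this section runs.

# Defined before the main body: PowerShell executes a script top to bottom,
# so a function declared at the end of the file does not exist yet when the
# body calls it in a fresh session (the timestamp would come out empty).
function Get-TimeStamp {
    # Returns "[<short date> <long time>]" formatted for the current culture.
    # One Get-Date call is used for both parts so they cannot disagree when
    # the call happens to straddle midnight.
    $now = Get-Date
    $SetTimestamp = "[" + $now.ToShortDateString() + " " + $now.ToLongTimeString() + "]"
    Return $SetTimestamp
}

# Load the Quest snap-in once. Stop if it is missing, otherwise every
# *-QAD* call below would fail one by one with "command not found".
If (-not (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Stop
}
Clear-Host

# Fail safe: AD is only modified when $RunReport is explicitly "False".
# A typo or any other value falls back to the read-only report.
If ("$RunReport" -ne "False") {

    #REPORT MODE
    If ("$RunReport" -ne "True") {
        Write-Warning "RunReport is '$RunReport' (expected True or False) - running in report mode."
    }
    Write-Host "Report Mode..."
    Write-Host ""
    Get-QADComputer -InactiveFor $SetInactive -SizeLimit 0 -SearchRoot $SourceOU -IncludedProperties ParentContainerDN | foreach {
        $_.ComputerName
    }

} else {

    #KILL MODE
    Write-Host "Kill Mode..."
    Write-Host ""

    # NOTE: this replaces whatever description the account had before.
    $objectDescription = "$(Get-TimeStamp) Account moved due to inactivity - SysAdmin"
    $logFile = Join-Path $ENV:UserProfile "Desktop\_ADLog.txt"

    Get-QADComputer -InactiveFor $SetInactive -SizeLimit 0 -SearchRoot $SourceOU -IncludedProperties ParentContainerDN | foreach {

        $computer = $_.ComputerName
        # Kept in its own variable (the original overwrote $SourceOU here).
        # The DN identifies exactly the object the search returned and is
        # logged so that a move can be traced and reversed.
        $originalDN = $_.DN

        try {
            Set-QADComputer $originalDN -Description $objectDescription -ErrorAction Stop

            If ("$DisableAccount" -eq "True") { Disable-QADComputer $originalDN -ErrorAction Stop }
            #Enable-QADComputer $originalDN

            # The move comes last because it changes the object's DN.
            Move-QADObject $originalDN -NewParentContainer $TargetOU -ErrorAction Stop
            "$(Get-TimeStamp) $computer (was $originalDN)" | Out-File -FilePath $logFile -Append
        } catch {
            # Record the failure instead of logging the account as processed.
            $failure = $_.Exception.Message
            "$(Get-TimeStamp) $computer FAILED (was $originalDN): $failure" | Out-File -FilePath $logFile -Append
            Write-Warning "$computer was not fully processed: $failure"
        }
        Write-Host ""

    }
}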