This is a PowerShell script I wrote to move/disable inactive computer accounts.
Download and install Quest ActiveRoles Management Shell:
http://eddiejackson.net/apps/Quest_ActiveRolesManagementShellforActiveDirectoryx64_151.zip
# SET INACTIVE DAYS $SetInactive = 120 # SEARCH HERE $SourceOU = "ou=SEARCHHERE,dc=DOMAIN,dc=com" # MOVE HERE $TargetOU = "ou=MOVEHERE,dc=DOMAIN,dc=com" # REPORT MODE # Set to True to only show list of computers # True or False $RunReport = "True" # DISABLE COMPUTER ACCOUNT # Set to True to also disable the computer account # True or False $DisableAccount = "False" #----------------------------------------------- Add-PSSnapin Quest.ActiveRoles.ADManagement Clear-Host If ($RunReport -eq "True") { #REPORT MODE Write-Host "Report Mode..." Write-Host "" Get-QADComputer -InactiveFor $SetInactive -SizeLimit 0 -SearchRoot $SourceOU -IncludedProperties ParentContainerDN | foreach { $_.ComputerName } } else { #KILL MODE Write-Host "Kill Mode..." Write-Host "" $objectDescription = "$(Get-TimeStamp) Account moved due to inactivity - SysAdmin" Get-QADComputer -InactiveFor $SetInactive -SizeLimit 0 -SearchRoot $SourceOU -IncludedProperties ParentContainerDN | foreach { $computer = $_.ComputerName $SourceOU = $_.DN Set-QADComputer $computer -Description $objectDescription If ($DisableAccount -eq "True") {Disable-QADComputer $computer} #Enable-QADComputer $computer Move-QADObject $computer -NewParentContainer $TargetOU "$(Get-TimeStamp) $computer" | Out-File -FilePath $ENV:UserProfile\Desktop\_ADLog.txt -Append Write-Host "" } } function Get-TimeStamp { $SetTimestamp = "[" + (Get-Date).ToShortDateString() + " " + ((Get-Date).ToLongTimeString()) + "]" Return $SetTimestamp }