Cleaning up possibly abandoned AD user and computer accounts
2011-04-23 16:22
# Find computers or users that have been inactive for N days and move them to a specified OU
# system.directoryservices.directorysearcher
# http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.aspx
# lastLogonTimestamp is replicated between DCs but can lag the real last logon
# by up to about 14 days, so keep this threshold well above that.
$maxOldLogonDays = 30
$TargetOU = "OU=Computers,OU=Recycl_Bin,DC=TigerCompanyoa,DC=cn"
#$TargetOU = "OU=users,OU=Recycl_Bin,DC=TigerCompanyoa,DC=cn"
$CSVFileLocation = 'C:\TEMP\OldObjects.CSV'
$query = New-Object system.directoryservices.directorysearcher
$root = [adsi]"LDAP://DC=TigerCompanyoa,DC=cn"
$query.SearchRoot = $root
$query.filter = "(objectCategory=computer)"
#$query.filter = "(objectCategory=user)"
$query.SearchScope = "subtree"
$query.PageSize = 100 # Strangely, it actually found nearly 10,000 computers..
$result = $query.findAll() |
ForEach-Object -Process {
    # I get a lot of lastLogonTimestamps that are not null but not empty either
    # -gt 0 seems to work best as test for valid datestamp
    if ($_.properties.item("lastLogonTimestamp") -gt 0)
    {
        $rawLogon = $_.properties.item("lastLogonTimestamp")
        $convertedLogOn = [datetime]::FromFileTime([int64]::Parse($rawLogon))
        # To translate the lastLogonTimestamp attribute, we can use the FromFileTime static
        # method from the system.datetime class. We also use the static method parse
        # from the system.int64 class and give it the value we stored in the $rawLogon variable.
        # We save the converted datetime object into the $convertedLogOn variable.
        #Write-Host $convertedLogOn
        # Time elapsed since the last recorded logon
        $logonAge = ((Get-Date) - $convertedLogOn)
        #Write-Host $logonAge.Days
        if ($logonAge.Days -gt $maxOldLogonDays)
        {
            #Write-Host "$($_.properties.item('distinguishedName'))
            #has not logged on for more than $maxOldLogonDays days"
            $($_.properties.item('distinguishedName')) | Out-File $CSVFileLocation -Append # write out the original DN
            # Review the exported list before enabling the move; Move-ADObject needs the ActiveDirectory module
            #Move-ADObject -Identity "$($_.properties.item('distinguishedName'))" -TargetPath $TargetOU # move to the specified OU
        }
    }
}
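The script above skips every object whose lastLogonTimestamp is unset, so accounts that were created and never used are not reported. The following added example (not the blog author's code) goes a step further and classifies those as well. The function name Get-StaleAccount, the fallback to whenCreated, and all sample records and DNs are assumptions made for illustration; it runs offline on constructed data.

```powershell
# Added example; the function name and all sample records are constructed.
function Get-StaleAccount {
    param(
        [Parameter(Mandatory)] [object[]] $Record,
        [int] $MaxOldLogonDays = 30,
        [datetime] $Now = (Get-Date)
    )
    # lastLogonTimestamp can lag the real last logon by up to about 14 days,
    # so a smaller threshold would flag machines that are still in use.
    if ($MaxOldLogonDays -le 14) {
        Write-Warning "Threshold $MaxOldLogonDays is inside the lastLogonTimestamp update window"
    }
    foreach ($r in $Record) {
        $raw = [int64]$r.lastLogonTimestamp      # unset attribute ($null) casts to 0
        if ($raw -gt 0) {
            $reference = [datetime]::FromFileTime($raw)
            $reason    = 'LastLogon'
        } else {
            # Never logged on: measure age from creation time instead (assumption)
            $reference = [datetime]$r.whenCreated
            $reason    = 'NeverLoggedOn'
        }
        $ageDays = ($Now - $reference).Days
        if ($ageDays -gt $MaxOldLogonDays) {
            [pscustomobject]@{
                DistinguishedName = $r.distinguishedName
                Reason            = $reason
                AgeDays           = $ageDays
            }
        }
    }
}

# Constructed sample records standing in for directory search results
$now = [datetime]'2011-04-23'
$sample = @(
    [pscustomobject]@{ distinguishedName = 'CN=PC-ACTIVE,OU=Computers,DC=example,DC=test'; lastLogonTimestamp = $now.AddDays(-5).ToFileTime();  whenCreated = $now.AddDays(-400) }
    [pscustomobject]@{ distinguishedName = 'CN=PC-OLD,OU=Computers,DC=example,DC=test';    lastLogonTimestamp = $now.AddDays(-90).ToFileTime(); whenCreated = $now.AddDays(-500) }
    [pscustomobject]@{ distinguishedName = 'CN=PC-NEW,OU=Computers,DC=example,DC=test';    lastLogonTimestamp = $null; whenCreated = $now.AddDays(-3) }
    [pscustomobject]@{ distinguishedName = 'CN=PC-NEVER,OU=Computers,DC=example,DC=test';  lastLogonTimestamp = $null; whenCreated = $now.AddDays(-200) }
)

# Only PC-OLD (LastLogon) and PC-NEVER (NeverLoggedOn) exceed the 30-day threshold
Get-StaleAccount -Record $sample -Now $now | Format-Table -AutoSize
```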
This article is from the “两只老虎” blog; please contact the author before reposting.