We recently needed to remove computers from our Active Directory environment that had not connected in over 180 days. I decided to whip something up in PowerShell that we could run as an automated task!
Notes:
– Failsafe to make sure you enter a limit greater than 90 (we don’t want to delete everything by accident, right?)
– Credentials are stored in clear text
– Logs output to file and purges old logs based on specified time
– I had to nest two try/catch blocks to handle objects that are not leaf objects
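# Removes computer accounts that have been inactive for more than $DelCompDays days
# and prunes this script's own log files once they are older than $ArcDays days.
# Intended to run unattended (scheduled task). Each run appends to Logs\<MMddyyyy>.log
# under the current working directory, so make sure the task's "Start in" folder is
# the script folder, otherwise $pwd is whatever the scheduler hands the process.

#Import AD Module
Import-Module ActiveDirectory

#Variables
$ArcDays = 30           # log files older than this many days are deleted
$DelCompDays = 364      # computer accounts inactive for more than this many days are deleted
$Fdate = (Get-Date).ToString("MMddyyyy")   # the original used "MMddyyy" (three y's); four-digit year intended
$LogDir = Join-Path $pwd "Logs"
$LogFile = Join-Path $LogDir "$Fdate.log"

# The log directory is never created by the original script; the first append fails without it.
if (-not (Test-Path -LiteralPath $LogDir)) {
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
}

#Color Errors Function
# Appends $message to today's log file and echoes it to the console in the given colors.
#   $message          - text to log; nothing is written when it is empty
#   $foregroundcolor  - console foreground color for the echoed line
#   $backgroundcolor  - console background color for the echoed line
# Write-Host's color parameters replace the original save/set/restore of $Host.UI.RawUI,
# which is not available in every host and leaves the console recolored if the call throws.
function WriteCustomOutput($message, [System.ConsoleColor]$foregroundcolor, [System.ConsoleColor]$backgroundcolor) {
    if ($message) {
        # Out-File -Append is what the original ">>" redirection did; keeps the same file encoding.
        $message | Out-File -LiteralPath $LogFile -Append
        Write-Host $message -ForegroundColor $foregroundcolor -BackgroundColor $backgroundcolor
    }
}

#Fail safe to protect total AD deletion
# The original tested $DelComDays (missing "p"), a variable that is never assigned, so the
# guard did not look at the configured threshold at all. It also assigned to $Error, which
# is PowerShell's automatic error collection; a plain variable is used instead.
if ($DelCompDays -le 90) {
    $ErrorMsg = "Error: Deleting under 90 days of inactivity may be dangerous. Script was set to delete over $DelCompDays days. Exiting!"
    WriteCustomOutput -message $ErrorMsg -foregroundcolor Red -backgroundcolor Black
    exit 1   # non-zero so the scheduler records the aborted run as a failure
}

#Set Creds
# The deletion credential is loaded from a DPAPI-protected file instead of a clear-text
# password in the script. Create the file once, logged on as the account the scheduled task
# runs under and on the machine it runs on (DPAPI ties the file to both):
#   Get-Credential | Export-Clixml -Path <path-to-credential-file>
$CredPath = Join-Path $pwd "ad-cleanup.cred.xml"   # placeholder path; adjust to your layout
if (-not (Test-Path -LiteralPath $CredPath)) {
    WriteCustomOutput -message "Error: credential file $CredPath not found. Exiting!" -foregroundcolor Red -backgroundcolor Black
    exit 1
}
$creds = Import-Clixml -LiteralPath $CredPath

#Get AD computers older than $DelCompDays
$inactive = New-TimeSpan -Days $DelCompDays
# @() guarantees an array so .Count is valid for zero, one or many results.
$results = @(Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan $inactive)

#Loop and try to delete
# foreach over an empty/null result runs zero iterations, so the original "No computers..."
# branch inside the loop could never execute; the empty case is reported before the loop.
if ($results.Count -eq 0) {
    WriteCustomOutput -message "No computers older than $DelCompDays days to delete" -foregroundcolor Yellow -backgroundcolor DarkMagenta
}
foreach ($result in $results) {
    # Inside a double-quoted string only $result expands, so the original
    # "Deleted: $result.DistinguishedName" logged a literal ".DistinguishedName" suffix.
    $dn = $result.DistinguishedName
    try {
        # -ErrorAction Stop makes a failed delete enter the catch even if the cmdlet
        # reports it as a non-terminating error.
        Remove-ADComputer -Identity $dn -Confirm:$false -Credential $creds -ErrorAction Stop
        WriteCustomOutput -message "Deleted: $dn" -foregroundcolor Green -backgroundcolor DarkMagenta
    }
    catch {
        # A computer object with children is not a leaf and Remove-ADComputer refuses it;
        # fall back to a recursive object delete, as the original did.
        try {
            Remove-ADObject -Identity $dn -Recursive -Confirm:$false -Credential $creds -ErrorAction Stop
            WriteCustomOutput -message "Deleted: $dn" -foregroundcolor Green -backgroundcolor DarkMagenta
        }
        catch {
            # Include the exception text so the log says why, not just that, a delete failed.
            WriteCustomOutput -message "Failed to delete: $dn ($($_.Exception.Message))" -foregroundcolor Red -backgroundcolor Black
        }
    }
}

#Set vars needed for log archiving
$now = Get-Date
$lastWrite = $now.AddDays(-$ArcDays)
# Compare DateTime with DateTime; the original compared against "$LastWrite", a string
# that is re-parsed under the current culture on every comparison.
$arcFiles = @(Get-ChildItem -LiteralPath $LogDir -Filter *.log -Recurse |
    Where-Object { $_.LastWriteTime -le $lastWrite })

#Loop and find logs older than $ArcDays
# Same empty-loop issue as above: report "nothing to delete" before iterating.
if ($arcFiles.Count -eq 0) {
    WriteCustomOutput -message "No archives older than $ArcDays days to delete" -foregroundcolor Yellow -backgroundcolor DarkMagenta
}
foreach ($arcFile in $arcFiles) {
    WriteCustomOutput -message "Deleting archive $arcFile due to age older than $ArcDays" -foregroundcolor Yellow -backgroundcolor DarkMagenta
    Remove-Item -LiteralPath $arcFile.FullName
}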