-
-
Save ZJPat/a1d426cc3f1f034cb4c4d1f683025ca8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Name: Get-OldADMachines.ps1 | |
| Author: James Schlackman | |
| Updated by: Zane JPat, 08/19/2024 | |
| Last Modified: May 20 2024 | |
| 1. Finds computer accounts that have been inactive for more than specified time period and optionally disables them | |
| 2. Finds computer accounts that have been disabled for more than specified time period and optionally deletes them | |
| 3. Added HTML code for better reportings and sepsarted the outputs | |
| #> | |
| #Requires -Modules ActiveDirectory | |
| $header = @" | |
| <style> | |
| h1 { | |
| font-family: Arial, Helvetica, sans-serif; | |
| color: #e68a00; | |
| font-size: 28px; | |
| } | |
| h2 { | |
| font-family: Arial, Helvetica, sans-serif; | |
| color: #000099; | |
| font-size: 16px; | |
| } | |
| table { | |
| width: 100%; | |
| font-size: 12px; | |
| border-collapse: collapse; | |
| font-family: Arial, Helvetica, sans-serif; | |
| table-layout: auto; /* Allows columns to adjust based on content */ | |
| } | |
| td, th { | |
| padding: 8px; | |
| border: 1px solid #ddd; | |
| text-align: left; | |
| } | |
| th { | |
| background: #395870; | |
| background: linear-gradient(#49708f, #293f50); | |
| color: #fff; | |
| font-size: 12px; | |
| text-transform: uppercase; | |
| vertical-align: middle; | |
| } | |
| tbody tr:nth-child(even) { | |
| background: #f0f0f2; | |
| } | |
| #CreationDate { | |
| font-family: Arial, Helvetica, sans-serif; | |
| color: #ff3300; | |
| font-size: 12px; | |
| } | |
| .StopStatus { | |
| color: #ff0000; | |
| } | |
| .RunningStatus { | |
| color: #008000; | |
| } | |
| </style> | |
| "@ | |
| # Initialize StringBuilders for two reports | |
| $htmlReportMoved = New-Object System.Text.StringBuilder | |
| $htmlReportMoved.AppendLine("<html><head>$header</head><body>") | Out-Null | |
| Param( | |
| [Parameter()] [String[]] $SearchOUs, | |
| [Parameter()] [String] $DisabledOU, | |
| [Parameter()] [Int] $DaysInactive, | |
| [Parameter()] [Boolean] $DisableDormantAccounts = $false, | |
| [Parameter()] [Boolean] $DeleteOldDisabledAccounts = $true | |
| ) | |
| Import-Module ActiveDirectory | |
| $DisableAccounts = $null | |
| $time = (Get-Date).Adddays(-($DaysInactive)) | |
| $QueryProperties = 'LastLogonTimestamp', 'OperatingSystem', 'PwdLastSet', 'OperatingSystemServicePack', 'SerialNumber', 'description' | |
| # Properties to be used for query output | |
| $DisplayProps = 'Name', | |
| 'OperatingSystem', | |
| 'Description', | |
| @{N='SerialNumber'; E={$_.SerialNumber[0]}}, | |
| @{N='LastLogonTimestamp'; E={[DateTime]::FromFileTime($_.LastLogonTimestamp)}}, | |
| @{N='PwdLastSet'; E={[DateTime]::FromFileTime($_.PwdLastSet)}}, | |
| 'DistinguishedName' | |
| If ($DisableDormantAccounts) { | |
| # Find inactive/dormant computer accounts | |
| $SearchOUs | ForEach-Object { | |
| $DisableAccounts += Get-ADComputer -SearchBase $_ -SearchScope Subtree -Filter {(LastLogonTimestamp -lt $time) -And (Enabled -eq $True)} -Properties $QueryProperties | |
| } | |
| If ([bool]@($DisableAccounts)) { | |
| Write-Host "`nInactive accounts found: $(@($DisableAccounts).Count)`nSee grid export for details and select accounts to be disabled.`n" | |
| $SelectedAccounts = $DisableAccounts | Select $DisplayProps | Out-GridView -OutputMode Multiple -Title ('Computer accounts that have been dormant for {0} days' -f $DaysInactive) | |
| # If accounts were selected to be disabled | |
| If ($SelectedAccounts) { | |
| # Confirm account action | |
| Write-Host ('Do you want to disable the {0} selected inactive computer accounts now? ' -f @($SelectedAccounts).Count) -ForegroundColor Red -NoNewline | |
| If ((Read-Host '[y/N]').ToUpper() -eq 'Y') { | |
| $SelectedAccounts | ForEach-Object { | |
| # Disable accounts | |
| Disable-ADAccount -Identity $_.DistinguishedName -Confirm:$false | |
| # Move disabled objects to specified OU | |
| Move-ADObject -Identity $_.DistinguishedName -TargetPath $DisabledOU -Confirm:$false | |
| } | |
| # Output log | |
| $OutputPath = "$(Get-Date -Format yyMMdd-HHmm) Inactive Computer Accounts.csv" | |
| Write-Host 'Exporting log to ' -NoNewline | |
| Write-Host $OutputPath -ForegroundColor Green | |
| $SelectedAccounts | Export-CSV -Path $OutputPath -NoTypeInformation | |
| } | |
| } | |
| } | |
| } | |
| $htmlReportDormants.AppendLine("<p>List of domant Accounts: $DisableDormantAccount</p>") | Out-Null | |
| If ($DeleteOldDisabledAccounts) { | |
| # Find disabled computer accounts that have been dormant for the selected period (including those disabled above) | |
| $PurgeAccounts = Get-ADComputer -SearchBase $DisabledOU -SearchScope Subtree -Filter {LastLogonTimestamp -lt $time} -Properties $QueryProperties | |
| Write-Host "`nDisabled accounts found: $(@($PurgeAccounts).Count)" | |
| If ($PurgeAccounts) {Write-Host "See grid export for details and select accounts to be deleted.`n"} | |
| $SelectedAccounts = $PurgeAccounts | Select $DisplayProps | Out-GridView -OutputMode Multiple -Title ('Disabled computer accounts that have been dormant for {0} days' -f $DaysInactive) | |
| # If accounts were selected for deletion | |
| If ($SelectedAccounts) { | |
| # Confirm account action | |
| Write-Host ('Do you want to PERMENANTLY DELETE the {0} selected disabled computer accounts now? ' -f @($SelectedAccounts).Count) -ForegroundColor Red -NoNewline | |
| If ((Read-Host '[y/N]').ToUpper() -eq 'Y') { | |
| # Delete disabled accounts | |
| $SelectedAccounts | ForEach-Object {Remove-ADObject -Identity $_.DistinguishedName -Recursive -Confirm:$false} | |
| # Output log | |
| $OutputPath = "$(Get-Date -Format yyMMdd-HHmm) Disabled Computer Accounts.csv" | |
| Write-Host 'Exporting log to ' -NoNewline | |
| Write-Host $OutputPath -ForegroundColor Green | |
| $SelectedAccounts | Export-CSV -Path $OutputPath -NoTypeInformation | |
| } | |
| } | |
| } | |
| $htmlReportDeleted.AppendLine("<p>Delete Old Disabled Accounts: $DeleteOldDisabledAccounts</p>") | Out-Null | |
| $htmlReportDeleted.AppendLine("<table><thead><tr><th>Name</th><th>Distinguished Name</th><th>When Created</th></tr></thead><tbody>") | Out-Null | |
| # Convert StringBuilder to strings | |
| $htmlReportDormants = $htmlReportDormants.ToString() | |
| $htmlReportDeleted = $htmlReportDeleted.ToString() | |
| # Output the HTML reports to separate files | |
| $htmlReportDormants | Out-File "C:\temp\dmp\ADAccounts-Dormants-Report_$(Get-Date -f yyyy-MM-dd-HHmm).html" | |
| $htmlReportDeleted | Out-File "C:\temp\dmp\ADAccounts-Deleted-Report_$(Get-Date -f yyyy-MM-dd-HHmm).html" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment