Announcement

Collapse
No announcement yet.

Active directory cleanup

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active directory cleanup

    Hi there,
    I'm looking to clean up some stale computer objects in active directory.
    I'm looking to identify those objects which have been stale for roughly a year and have no description.

    When their identified we'll disable them and most likely move them to another OU with a description saying when they were disabled.

    dsquery computer "[Valid OU]" -name * -desc “” -stalepwd 365 -limit 300

    I can't seem to find anything that will return the objects that DON'T have a description without a fairly complicated VB script or another (non microsoft) tool.

    Is there an easy solution?
    If not, do you have a working script which we can adapt?


    Thanks in advance for your time and help guys!
    Cheers,
    Serrix.

  • #2
    Re: Active directory cleanup

    You can try this command

    for /f "Tokens=*" %a in ('dsquery computer -stalepwd 365 -limit 0') do DSMOVE %a -newparent "ou=disabled computers,dc=domain,dc=com">>stalecomputer_result. txt

    this will move all computers that stale for a year then move the stale computers to this ou=disabled computers,dc=domain,dc=com.

    Hope it helps!
    Last edited by totoy bato; 24th April 2009, 04:02.

    Comment


    • #3
      Re: Active directory cleanup

      Very nice bit of code!
      Rep++
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment

      Working...
      X