The Multifunctioning DBA

Jul 23 2009   9:43PM GMT

More with Quest AD Powershell CMDLETS

Colin Smith Colin Smith Profile: Colin Smith

I am continuing work on the script that I am converting from VBScript to Powershell and I must say that it is going quite well with the help of the Quest cmdlets. In the script I want to go through a particular OU and delete any accounts that are currntly disabled, and were created a minimum of 180 days ago, and have not been used in a minimum of 180 days. I can do this with the following block of code.

$deletedays = – 180
$deletedate = [datetime]::Now.AddDays($deletedays)

Get-QADUser -SearchRoot “pni.us.ad.gannett.com/PNI/Users/Disabled” | where{(($_.lastlogontimestamp.value -lt $deletedate) -and ($_.creationdate -lt $deletedate) -and ($_.AccountIsDisabled -eq “True”))}  | Tee-Object -filepath “c:\removedaccounts.txt” | Remove-QADObject -Force

So you will also notice that I am using the Tee-Object cmdlet. This is not a quest cmdlet but it is nice as I can log what accounts I am deleting with the Remove-QADObject cmdlet that is provided by Quest. Be careful when doing things like removing accounts in scripts and be sure to test completly. A good way to test is to use the -whatif clause. This will show you what would happen if you did run it.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: