Active Directory Clean Up Tools

[DeaconFrost]

I'm trying to clean up two OUs in our Active Directory that contain workstations/computer accounts. Our previous Desktop guy didn't delete the accounts as they were decommissioned or renamed, so we have plenty of stale objects. I'm trying to clean up the list so our new Desktop Support person has a better experience in SCCM. I've tried a few PowerShell scripts with no luck.

Mainly, I'm looking to see if it's possible to output a list of computer account names and the last login they registered. It would be great to know who last logged into the machines, if possible. Any suggestions?

 

[Eulogy]

I don't do any kind of windows admin and I barely even touch powershell, but it seems really simple from the docs.
Using `Get-ADComputer` would return you all computer objects in all OUs. You could use one of the `-filter` params (probably `-LDAPFilter`?) to get the OUs you need. It looks like one of the returns includes `LastLogonDate`.
From all of that you could pipe it to `Remove-ADComputer` if you'd like.

Since you didn't provide which scripts you tried, can't really comment on them, but, if you just read the docs this seems really straight forward to do. Doesn't even seem like this needs a script, just a one line command.

 

[DeaconFrost]

This might be overcomplicated, but here is the script that errored out (this is the common example one, no specific company info included)

Get-ADComputer -Filter * -SearchBase "OU=Servers,DC=SHELLPRO,DC=LOCAL" -Properties * | Sort LastLogon | Select Name, LastLogonDate,@{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}} | Export-Csv C:\adcomputers-last-logon-ou.csv -NoTypeInformation