This script helps you find unused computer accounts and keep your Active Directory free of obsolete objects. It scans Active Directory and finds all computer accounts which haven’t “logged on” or authenticated to a DC for a given number of days. The results are then exported to CSV.
Even though the script is very short and simple, I have split it into three parts (variables, functions and script main) for added clarity.
Variables
#VARIABLES
$scriptpath = $MyInvocation.MyCommand.Path
$dir = Split-Path $scriptpath #path to the directory in which the script is run.
$CSV = "$dir\$(get-date -format "yyyy-MM-dd HH-mm-ss")_UnusedComputerAccounts.csv" #results will be exported to csv to a file with this path
#Parameters
$DaysBack = 90 #computer accounts who haven't authenticated in this amount of days will be exported to CSV.
$CSV is the path to the CSV file which will be created at the end of the script run. It relies on the variable $dir, which always points to the directory in which the script file is located. This is practical as it allows me to copy and move the script around without having to change any paths.
Remember to set the $DaysBack value to your needs before you run the script.
Functions
#FUNCTIONS
function Find-UnusedComputers {
    if (-not(Get-Module -name "activedirectory")) {
        Import-Module ActiveDirectory | out-null
    }
    $unusedComputers = @(get-adcomputer -properties lastLogonDate -filter * | where { $_.lastLogonDate -lt (get-date).addDays(-$DaysBack)})
    $unusedComputers = $unusedComputers | Sort-Object @{Expression={$_.LastLogonDate}}
    Return $unusedComputers
}
1. Function Find-UnusedComputers
The script only has this single function. First it imports the Active Directory module for PowerShell and then uses the cmdlet Get-ADComputer to get all the computer accounts that haven’t authenticated in $DaysBack days. The results are then sorted by last logon date using Sort-Object and the @{Expression} syntax, which allows me to sort by the properties of the array elements. The unused computers are then returned.
Script Main
#SCRIPT MAIN
$unusedComputers = Find-UnusedComputers
$unusedComputers | Export-CSV $CSV -force -NoTypeInformation
The script main is very simple, consisting of only two lines. First I use the Find-UnusedComputers function to get the computer accounts. Then, in the second line, the results are exported to CSV.
I have copied in the full script below. I hope you find it useful.
#####################################################################################
##Script: Get-UnusedComputers.ps1
##Description: Finds unused computer accounts in the AD by getting all computer
#+ accounts with a last logon date older than $daysback days. The results
#+ are then exported to a CSV file.
##Created by: Noam Wajnman
##Created: December 25, 2012
##Updated: April 07, 2014
#####################################################################################
#FUNCTIONS
function Find-UnusedComputers {
    if (-not(Get-Module -name "activedirectory")) {
        Import-Module ActiveDirectory | out-null
    }
    $unusedComputers = @(get-adcomputer -properties lastLogonDate -filter * | where { $_.lastLogonDate -lt (get-date).addDays(-$DaysBack)})
    $unusedComputers = $unusedComputers | Sort-Object @{Expression={$_.LastLogonDate}}
    Return $unusedComputers
}
#VARIABLES
$scriptpath = $MyInvocation.MyCommand.Path
$dir = Split-Path $scriptpath #path to the directory in which the script is run.
$CSV = "$dir\$(get-date -format "yyyy-MM-dd HH-mm-ss")_UnusedComputerAccounts.csv" #results will be exported to csv to a file with this path
#Parameters
$DaysBack = 90 #computer accounts who haven't authenticated in this amount of days will be exported to CSV.
#SCRIPT MAIN
$unusedComputers = Find-UnusedComputers
$unusedComputers | Export-CSV $CSV -force -NoTypeInformation
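A variant of Find-UnusedComputers, added here as an example and not part of the original script: it lets the domain controller do the filtering instead of retrieving every computer object, skips disabled accounts, and reports PasswordLastSet next to LastLogonDate so that each result carries a second staleness signal. The function name Find-StaleComputers, its parameters and the NeverLoggedOn and PasswordAlsoStale columns are this example's own choices.

```powershell
# Added example, not from the original script. Requires the ActiveDirectory module.
function Find-StaleComputers {
    param(
        [int]$DaysBack = 90,      # same meaning as $DaysBack in the original script
        [string]$SearchBase       # optional: distinguished name of an OU to limit the search
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    $cutoff = (Get-Date).AddDays(-$DaysBack)
    # lastLogonTimestamp is stored as a Windows file time (Int64), so compare against that form.
    $cutoffFileTime = $cutoff.ToFileTimeUtc()

    # The filter is evaluated on the domain controller.
    # The -notlike '*' clause matches accounts whose lastLogonTimestamp was never set.
    $filter = "Enabled -eq `$true -and " +
              "(lastLogonTimestamp -lt $cutoffFileTime -or lastLogonTimestamp -notlike '*')"

    $params = @{
        Filter     = $filter
        Properties = 'LastLogonDate', 'PasswordLastSet', 'whenCreated', 'OperatingSystem'
    }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    Get-ADComputer @params |
        Select-Object Name, DistinguishedName, OperatingSystem, whenCreated,
            LastLogonDate, PasswordLastSet,
            # True when no logon has ever been recorded for the account
            @{ Name = 'NeverLoggedOn'
               Expression = { $null -eq $_.LastLogonDate } },
            # Domain-joined machines change their account password every 30 days by default,
            # so an old PasswordLastSet corroborates an old LastLogonDate.
            @{ Name = 'PasswordAlsoStale'
               Expression = { $null -eq $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff } } |
        Sort-Object LastLogonDate
}

# Usage: same export step as the original script main
# Find-StaleComputers -DaysBack 90 | Export-Csv $CSV -Force -NoTypeInformation
```

LastLogonDate is the readable form of the lastLogonTimestamp attribute, which by default can lag the real last logon by up to about 14 days, so keep $DaysBack comfortably above that margin before acting on the list.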