Stale Computers

Updated Stale Computers

#Stale Computer removal

#get a list of all Computer Objects that have not reset their password for 90 days or more

#  Exclude machines in the exception list, this may include hardware appliances and ClusterNames

#    (Create an AD group called "Stale Computer Exception list" and add machines to it)

# If the operating System is a workstation OS (XP, Vista, Windows 7)

#   delete the computer object from AD and email the list of deleted workstations to helpdesk / change control

# If the OS is not a workstation, create a ticket to have the machine investigated for removal or exception

#   eventually once we have the list filtered down we should be able to just automatically remove all stale machines not on the exception list

#       

#By default the password for the computer object is reset every 30 days

#pwdLastSet attribute is replicated to all Domain Controllers

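# Wall-clock timer for the completion message printed at the very end.
$StartTime = Get-Date

# The Quest ActiveRoles cmdlets used below (Get-QADComputer, Move-QADObject,
# Remove-QADObject) are only available once the snap-in is loaded.
if (Get-PSSnapin | Where-Object { $_.Name -eq "quest.activeroles.admanagement" }) {
    Write-Host "Quest Active Roles snapin already loaded"
}
else {
    Add-PSSnapin quest.activeroles.admanagement
}

# A computer account counts as stale when its machine password has not been
# reset for this many days. The default reset interval is 30 days, so 90 days
# means roughly three missed resets. Kept numeric so the date arithmetic and the
# e-mail text below both derive from the same value.
$InactiveDays = 90

# pwdLastSet is stored as a Windows FILETIME: 100-nanosecond intervals since
# 1601-01-01 UTC. DateTime.ToFileTimeUtc() yields exactly that representation,
# which replaces the hand-rolled "seconds since 1601 + seven zeros" arithmetic.
$InactiveFrom = (Get-Date).AddDays(-$InactiveDays).ToFileTimeUtc()

# Accounts whose password was last set before the cut-off, excluding accounts
# that have never set a password at all (pwdLastSet = 0, e.g. pre-staged
# objects), which would otherwise always look stale.
$LdapFilter = "(&(pwdLastSet<=$InactiveFrom)(!pwdLastSet=0))"

#$StaleFile = "C:\StaleComputers.csv"
$DeletedComputerFile   = "C:\scripts\Output\DeletedComputers.csv"
$StaleWorkstationsFile = "C:\scripts\Output\StaleWorkstations.csv"
$StaleServersFile      = "C:\scripts\Output\StaleServers.csv"

$smtpServer    = "mail.blah.com"
$WorkstationTo = "Help Desk <helpdesk@blah.com>"
$ServerTo      = "Kevin Curran <kcurran@blah.com>"
$DeletedTo     = "Kevin Curran <kcurran@blah.com>"
$From          = "AD Reporting <ADReporting@blah.com>"

# Holding OU: stale workstations are moved here first and only deleted by a
# later run, which gives owners a window to object or move the machine back.
$StaleCompOU = "blah.com/Maintenance/StaleComputers"

# Members of this AD group are never moved or deleted (hardware appliances,
# cluster name objects, and similar).
$ExceptionGroup = "IT Stale Computer Exceptions"

# The delete step is scoped by -SearchRoot $StaleCompOU. Refuse to run with an
# empty root rather than risk the query being evaluated against a wider scope.
if ([string]::IsNullOrEmpty($StaleCompOU)) {
    throw "StaleCompOU is not set; refusing to run the stale computer cleanup."
}

# Returns $true when the OS string identifies a workstation OS handled
# automatically by this script (XP, Vista, Windows 7). $null/empty OS -> $false,
# so computers with no OperatingSystem recorded fall into the "report only" path.
function Test-WorkstationOS {
    param([string] $OperatingSystem)
    return ($OperatingSystem -like "*XP*" -or
            $OperatingSystem -like "Windows 7*" -or
            $OperatingSystem -like "Windows Vista*")
}

# Writes the audit CSV (name, description, OS, pwdLastSet, container) for a set
# of computer objects, oldest password first.
function Export-StaleComputerList {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Computers,
        [Parameter(Mandatory = $true)] [string] $Path
    )
    $Computers |
        Select-Object Name, Description, operatingSystem, pwdLastSet, parentContainer |
        Sort-Object pwdLastSet |
        Export-Csv -NoTypeInformation -Path $Path
}

# E-mails a computer list: $Intro, one computer name per line, then who ran the
# script and where, with the CSV attached. $From and $smtpServer are read from
# the script scope.
function Send-StaleComputerReport {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Computers,
        [Parameter(Mandatory = $true)] [string] $Attachment,
        [Parameter(Mandatory = $true)] [string] $To,
        [Parameter(Mandatory = $true)] [string] $Subject,
        [Parameter(Mandatory = $true)] [string] $Intro
    )
    $names = ($Computers | ForEach-Object { $_.Name }) -join "`r`n"
    $body = $Intro + "`r`n`r`n" + $names + "`r`n`r`n`r`n" +
        "This script was run by " + $env:username + " on " + $env:COMPUTERNAME
    Send-MailMessage -From $From -To $To -SmtpServer $smtpServer `
        -Subject $Subject -Body $body -Attachments $Attachment
}

# Stage 1: delete accounts that an earlier run staged in the holding OU and that
# have sat there unchanged for 6+ days (Move-QADObject itself updates the change
# timestamp, so this is about a week on a weekly schedule). The LDAP filter and
# the exception group are re-applied, so an account that has since checked in
# or been added to the exception group is left alone.
# @() forces an array so .Count is valid for zero, one or many results.
$DeletedComputers = @(Get-QADComputer -SearchRoot $StaleCompOU `
    -LastChangedBefore (Get-Date).AddDays(-6) `
    -LdapFilter $LdapFilter -IncludedProperties pwdLastSet `
    -NotMemberOf $ExceptionGroup)

if ($DeletedComputers.Count -eq 0) {
    Write-Host "No stale computers to delete"
}
else {
    # Write the audit record before deleting, so the list survives on disk even
    # if the deletion or the mail step fails part way through.
    Export-StaleComputerList -Computers $DeletedComputers -Path $DeletedComputerFile
    # NOTE(review): Remove-QADObject errors are not terminating here, so a partly
    # failed run still sends the "deleted" mail for the whole list; check the
    # console output for per-object errors.
    $DeletedComputers | Remove-QADObject -Force
}

# Stage 2: every stale account outside the holding OU (objects inside it are
# handled by stage 1), again skipping the exception group.
$StaleComputers = @(Get-QADComputer -LdapFilter $LdapFilter -IncludedProperties pwdLastSet `
    -NotMemberOf $ExceptionGroup |
    Where-Object { $_.ParentContainer -ne $StaleCompOU })

# Workstations are moved to the holding OU automatically. Everything else --
# server OSes and objects with no OperatingSystem at all -- is only reported,
# so an unidentified machine is never deleted without a person looking at it.
$StaleWorkstations = @($StaleComputers | Where-Object { Test-WorkstationOS $_.OperatingSystem })
$StaleServers      = @($StaleComputers | Where-Object { -not (Test-WorkstationOS $_.OperatingSystem) })

if ($StaleWorkstations.Count -gt 0) {
    $StaleWorkstations | Move-QADObject -NewParentContainer $StaleCompOU
}

#foreach ($machine in $StaleComputers)
#{
# $machine | Add-Member -membertype noteproperty -name Pingable -Value $(Test-Connection -Quiet -Count 2 -ComputerName $machine.name)
## #need to catch error "No such host is known"
## $machine | Add-Member -membertype noteproperty -name NameResolution -Value `
## $([System.Net.Dns]::GetHostAddresses($machine.name)).IPAddressToString
#}
#$StaleComputers | export-CSV -NoTypeInformation $StaleFile

# Notifications. The CSV for the deleted set was already written in stage 1.
# The previous -Bcc argument referenced a variable that was never assigned and
# is dropped; add a $Bcc setting and pass it explicitly if a copy is wanted.
if ($DeletedComputers.Count -gt 0) {
    $intro = "The following Computer accounts have been deleted from the the `"$StaleCompOU`" " +
        "OU. This usually means the computer has not " +
        "been on or communicating with active directory for at least $InactiveDays days."
    Send-StaleComputerReport -Computers $DeletedComputers -Attachment $DeletedComputerFile `
        -To $DeletedTo -Subject "Deleted computer Accounts" -Intro $intro
}

if ($StaleWorkstations.Count -eq 0) {
    Write-Host "No stale Workstations have been found"
}
else {
    Export-StaleComputerList -Computers $StaleWorkstations -Path $StaleWorkstationsFile
    $intro = "The following Stale Computer accounts are being moved to the `"$StaleCompOU`" " +
        "OU and will be deleted in a week if they do not update their Computer accounts " +
        "or get moved to a different OU. This usually means the computer has not " +
        "been on or communicating with active directory for at least $InactiveDays days."
    Send-StaleComputerReport -Computers $StaleWorkstations -Attachment $StaleWorkstationsFile `
        -To $WorkstationTo -Subject "Deleting Stale Workstations" -Intro $intro
}

if ($StaleServers.Count -eq 0) {
    Write-Host "No stale Servers have been found"
}
else {
    Export-StaleComputerList -Computers $StaleServers -Path $StaleServersFile
    $intro = "The following Stale Computer accounts should be removed from AD " +
        "or added to the `"$ExceptionGroup`" AD Group"
    Send-StaleComputerReport -Computers $StaleServers -Attachment $StaleServersFile `
        -To $ServerTo -Subject "Stale Computer Accounts" -Intro $intro
}

# Measured after the mail steps so the reported time covers the whole run, not
# just the directory queries.
$ElapsedTime = (Get-Date) - $StartTime
Write-Host "Script completed in $([Math]::Round($ElapsedTime.TotalSeconds,0)) Seconds `r`n"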