Remove Disabled Computers From Active Directory Groups
Summary
One of my clients requested a solution to remove all disabled computers from Active Directory groups.
Requirement
List ALL DISABLED COMPUTERS in Active Directory and save as a CSV file for reference
Update Description attribute for all Disabled Computers
Remove the computer from Security Groups
Solution
PowerShell Version 3.0
Quest AD Management
Script Options
Get the Disabled Computer LIST from Desktop/Laptop Management team
Query the Disabled computers in AD
Code
```powershell
# This script removes disabled AD computers from the specified groups
# Option 1: With the list provided by the Desktop/Laptop Management team
# Option 2: Query the disabled computers from Active Directory and remove from all groups.
# Updates the description with the desired comment "Removed from All Groups via Script"
# Uses Quest AD PowerShell

# OPTION 1
# ________
# Load the Quest AD Management snap-in
Add-PSSnapin Quest.ActiveRoles.AdManagement -ErrorAction SilentlyContinue

# One computer name per line
$Machine = Get-Content C:\Computer.txt
foreach ($computer in $Machine)
{
    # -RemoveAll strips every group membership (a specific group would be named with -Group)
    Get-QADComputer -Identity $computer | Remove-QADMemberOf -RemoveAll -Credential "DOMAIN\DomainAdmin" -Confirm:$false
    Get-QADComputer -Identity $computer | Set-QADComputer -Description "Removed All Groups Via Script"
}
Write-Host "Removed AD Computer Accounts Successfully!!!"

# OPTION 2
# ________
# Load the Quest AD Management snap-in
Add-PSSnapin Quest.ActiveRoles.AdManagement -ErrorAction SilentlyContinue

# Get-QADComputer -Inactive selects by the snap-in's inactivity criteria; review the result set first.
# -Confirm:$true prompts before each removal.
Get-QADComputer -Inactive -SearchRoot "ForestName/DomainName" |
    Set-QADComputer -Description "Removed All Groups Via Script" |
    Remove-QADMemberOf -RemoveAll -Credential "DOMAIN\DomainAdmin" -Confirm:$true
```
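The first requirement, a CSV of the disabled computers kept for reference, can double as a rollback record if it also captures each computer's group memberships before they are removed. The following is an added example, not the original author's script: it uses Microsoft's ActiveDirectory (RSAT) module instead of the Quest snap-in, and the function name, parameters, OU and CSV path are assumptions.

```powershell
# Added example; assumes the RSAT ActiveDirectory module, not the Quest snap-in.
Import-Module ActiveDirectory

function Remove-DisabledComputerGroups {   # hypothetical function name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [Parameter(Mandatory = $true)][string]$CsvPath,
        [string]$Description = 'Removed from All Groups via Script'
    )

    # Disabled computer accounts only, with the attributes needed for the record.
    $computers = @(Get-ADComputer -Filter 'Enabled -eq $false' -SearchBase $SearchBase `
                       -Properties MemberOf, Description)

    # Write the reference CSV first, even under -WhatIf, so every later change
    # can be traced and reversed from it.
    $computers | ForEach-Object {
        [pscustomobject]@{
            Name              = $_.Name
            DistinguishedName = $_.DistinguishedName
            OldDescription    = $_.Description
            Groups            = @($_.MemberOf) -join ';'
        }
    } | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8 -WhatIf:$false

    $changed = 0
    foreach ($c in $computers) {
        # MemberOf never contains the primary group (normally Domain Computers), which stays.
        $groups = @($c.MemberOf)
        if ($PSCmdlet.ShouldProcess($c.DistinguishedName, "Remove from $($groups.Count) group(s)")) {
            if ($groups.Count -gt 0) {
                Remove-ADPrincipalGroupMembership -Identity $c -MemberOf $groups -Confirm:$false
            }
            Set-ADComputer -Identity $c -Description $Description -Confirm:$false
            $changed++
        }
    }
    $changed   # number of computer accounts modified
}

# Dry run: writes the CSV and reports what would change. OU and path are placeholders.
Remove-DisabledComputerGroups -SearchBase 'OU=Workstations,DC=example,DC=com' `
    -CsvPath .\DisabledComputers.csv -WhatIf
```

Run it without `-WhatIf` only after reviewing the CSV; the function then prompts per computer unless `-Confirm:$false` is passed.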