Query AD and archive machines

I’m a newbie with PS and know very little about it. Can anyone provide me a script that does the following: read an OU and all sub-OUs, find all workstations that have not checked into AD for 60 days, and then move those workstations to an archive OU?

You’ll have more success getting the results you are after if you do some of the initial work yourself. There are a ton of scripts out there on forums and blogs now. Break down your work into tasks, and then try to find pieces that accomplish each of the tasks.

For example, you want to find workstations (also known as computers) in AD. There is a Get-ADComputer cmdlet (see here). Example #4 in that documentation shows you how to search from a specific OU. That’s your first step done already.

Next up is to identify computers that have not “checked into AD” for 60 days. How would you describe that in terms of an LDAP search in AD? What properties identify whether a computer has “checked into AD” or not? Once you identify those, figure out if you can use them in the -Filter parameter for Get-ADComputer or not. If not, then you could use Where-Object to filter on the client.

Once you have the computers you want, moving them is relatively easy as well. There is a Move-ADObject cmdlet for that (see here).

See how far you can get with those pointers, then come back with your script in progress with specific questions and you’ll be in a much better position to get the help you need.

Yes, thanks, I have been trying. I have this code here:

$COMPAREDATE=GET-DATE
$NumberDays=90
$CSVFileLocation='C:\TEMP\OldComps.CSV'
GET-QADCOMPUTER -SizeLimit 0 -IncludedProperties LastLogonTimeStamp |
where { ($CompareDate-$_.LastLogonTimeStamp).Days -gt $NumberDays } |
Select-Object Name, LastLogonTimeStamp, OSName, ParentContainerDN |
Sort-Object ModificationDate, Name | Export-CSV $CSVFileLocation

This works.

What I’m struggling with is reading the file and executing PS against each computer read. I take my .CSV file and I open it up in Excel. Then I take just the ‘computer names’ and place them into a .TXT file. When I try to open this file it seems to read the whole file and I get an error that it can’t do anything.

$TR=Get-Content C:\temp\TRComp.txt
foreach ($TR (Move-ADObject $computertomove -TargetPath "OU=DestinationOU,DC=domain,DC=local,DC=net")

That is the gist of it but I either get syntax errors or it does not work. I think I’m close so any pointers you can provide would be nice.

Thank you.

jk

Great, that’s a good start.

To fix your immediate problem, you should do this instead:

foreach ($computerToMove in $TR) {
    Move-ADObject $computerToMove -TargetPath ...
}

The first line takes each value in $TR one at a time and assigns it to the $computerToMove variable before executing the loop script block.

Thanks, I will play with that. One more question, how do I read a certain OU? My code reads all of AD and I get way too many machines (servers included). I only want machines in an OU and all of its child OUs.

$OU = [ADSI]"LDAP://OU=Acme,DC=COM"  << should that work?

But I don’t see where I call this on my GET-QADComputer line. I looked at the GET-HELP Get-QADComputers and it returns a ton of stuff but none of it said “OU”.

You’re using both QAD cmdlets and AD cmdlets at the moment. You really don’t need to use both, so I would use one or the other. AD cmdlets are included out of the box and suitable for this task, so instead of using Get-QADComputer, you could just use Get-ADComputer. Example 4 in the help docs (Get-Help Get-ADComputer -Examples) shows you how to query from a specific OU downward.

Thanks, I am using a tool called PowerGUI. I type in GET-A and it shows me all of the commands I can use starting with the letter A. None of them are ADComputer. Nor do I find this when I open up a CMD/PowerShell window. So I’m unclear on where you get help for Get-ADComputer.

I know PowerGUI pretty well (I worked on that team at Quest for 5 years and I was the Product Manager for PowerGUI for the last 2 of those 5 years). :)

Since you’re in PowerGUI, you can stick with the QAD cmdlets. Look at example 2 here: http://wiki.powergui.org/index.php/Get-QADComputer. That shows how to specify where to start looking for computer objects.

You probably know a little bit more than I do about PowerShell :) OK, I can get my machines into a .TXT file but this is not working.

$NewOU = 'Acme.com/WorkComputers/_test'
$PCS=Get-Content C:\temp\Machine.txt
Write-Output $PCS  << This works and I see my 1 computer in the file called machine.txt
foreach ($computerToMove in $PCS) {
    Move-ADObject $computerToMove $NewOU
}

Gives me this error:

The term ‘Move-ADObject’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

I’m missing a command I’m sure but which one?

Short answer: You need to replace Move-ADObject with Move-QADObject.

Some background: PowerShell commands are released in packages. In v1 these were called snapins, and in v2+ they switched to modules (although snapins are still supported). In v1, Microsoft didn’t have any AD commands for PowerShell, so Quest released the QAD cmdlets (the ones that you are using). Later, Microsoft eventually released an AD module that ships with specific versions of the OS and that works on downlevel machines, but that was only available for Windows Server 2008 R2 and later. You could use it to manage downlevel systems via a gateway (mentioned here: http://technet.microsoft.com/en-us/library/dd391908(v=ws.10).aspx). I’ve glossed over the details here, but the end result is that there are two sets of cmdlets, those prefixed with AD (Microsoft’s) and those prefixed with QAD (Quest’s). You should pick one or the other in your scripts, depending on which OS versions you are working on/supporting via PowerShell, and depending on which you prefer as well. I don’t believe Quest is investing anymore into their QAD cmdlets, but I’m out of touch with that group so I could be mistaken (although I doubt it).

You’re fine sticking with the Quest AD cmdlets right now, but if you are on current versions of Windows (Windows 7+ or Server 2008 R2+), you might just want to switch to the Microsoft AD cmdlets (which you can get on Windows 7 using the RSAT tools).
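
The whole task from the original question, written with the Microsoft AD cmdlets recommended in the last reply. This is an added example, not code from any poster in the thread; the OU distinguished names, the report path and the variable names are placeholders to adapt, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example: every name and path below is a placeholder, not a value from the thread.
Import-Module ActiveDirectory

$SearchBase = 'OU=Workstations,DC=example,DC=com'   # placeholder: OU to scan (child OUs included)
$ArchiveOU  = 'OU=Archive,DC=example,DC=com'        # placeholder: destination OU
$StaleDays  = 60
$ReportPath = 'C:\Temp\StaleComputers.csv'          # placeholder: audit/rollback record

# lastLogonTimestamp is stored as a Windows FILETIME integer,
# so the cutoff is converted to the same representation for the LDAP filter.
$cutoff = (Get-Date).AddDays(-$StaleDays).ToFileTimeUtc()

# Server-side filter on the timestamp; -SearchScope Subtree walks all child OUs.
$stale = Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree `
        -Filter "lastLogonTimestamp -lt $cutoff" `
        -Properties lastLogonTimestamp, OperatingSystem |
    Where-Object {
        # Client-side: drop servers and anything already sitting in the archive OU.
        $_.OperatingSystem -notlike '*Server*' -and
        $_.DistinguishedName -notlike "*,$ArchiveOU"
    }

# Record the original location of every object before anything is moved,
# so a move can be reviewed or reversed later.
$stale |
    Select-Object Name, OperatingSystem, DistinguishedName,
        @{ Name = 'LastLogon'
           Expression = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } |
    Sort-Object LastLogon, Name |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Dry run: -WhatIf prints what would be moved without changing AD.
# Remove -WhatIf only after reviewing the CSV.
$stale | ForEach-Object {
    Move-ADObject -Identity $_.DistinguishedName -TargetPath $ArchiveOU -WhatIf
}
```

Computer accounts that have never logged on have no lastLogonTimestamp value and are not returned by this filter, so they need a separate query. The attribute is only refreshed in AD when it is more than roughly 9 to 14 days old by default, which a 60-day threshold comfortably absorbs.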