Environment: Windows Server, Active Directory
Description: This script runs nightly to remove Active Directory computer objects that have not been used in a 9 month period of time. Why 9 months? I think it is too long, but that's the guesstimate the longest time a student would be off-campus, including semester abroad. Removing the object effectively dis-joins computer from the AD domain. This also logs results to audit-log file... to help explain any issues.
Code:
rem File: RmvOldComputers.bat
rem
rem Purpose: Remove computers from domain older than 'x' weeks
rem
rem Author/Date: Robert Lawson/20-Sep-2005
rem
rem Notes:
rem 1. inactive is expressed in weeks (9 months = 36 weeks).
rem 2. computers that had shared printer will fail ("..is container and contains objects..")
rem
date/t>>C:\Temp\ListOldComputers.txt
dsquery computer "OU=Computer Accounts,DC=uni,DC=edu" -o rdn -limit 0 -inactive 36>>C:\temp\ListOldComputers.txt
rem
rem dsquery computer "OU=Computer Accounts,DC=uni,DC=edu" -limit 0 -inactive 36dsrm -noprompt -c -q
No comments:
Post a Comment