Find Inactive Computer objects in Active Directory from multiple OU's












0















I'm struggling to make a PowerShell script and can't find a complete solution online.



Basically the script needs to have multiple functionality:




  1. Needs to return inactive computer objects based on the LastLogon attribute for 30, 60, 90 days.

  2. Needs to return results from multiple OU's, not just one.

  3. Needs to exclude any OU with the word Laptop in it.

  4. Needs to email the results in a .csv to an email address.


Please find my crappy start here which outputs 30,60,90 days but only from one OU. PowerShell Inactive Computers






powershell active-directory







share|improve this question























  • what kind of accuracy do you need for the "last logon time"? as i recall, the LastLogon attribute is per DC and aint replicated. the only way to get full details is to query all your DCs for the LastLogon info and use the newest one. here's a nifty article on the ideas ... “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” | Ask the Directory Services Team — blogs.technet.microsoft.com/askds/2009/04/15/…

    – Lee_Dailey
    Dec 31 '18 at 4:13











  • to get all the OUs, it looks like you simply leave out the OU parameter. ///// also, you are querying 3 times for the LastLogon. i suspect you could query once for the minimum time span and then filter the results for the two longer time spans.

    – Lee_Dailey
    Dec 31 '18 at 4:14











  • There's a pre-built command that does this: the Search-AdAccount command from Microsoft's ActiveDirectory module. You'll probably have to filter out OUs you don't want but that's not difficult. You can use Export-Csv and Send-MailMessage to do the rest.

    – Bacon Bits
    Dec 31 '18 at 4:28


















0















I'm struggling to make a PowerShell script and can't find a complete solution online.



Basically the script needs to have multiple functionality:




  1. Needs to return inactive computer objects based on the LastLogon attribute for 30, 60, 90 days.

  2. Needs to return results from multiple OU's, not just one.

  3. Needs to exclude any OU with the word Laptop in it.

  4. Needs to email the results in a .csv to an email address.


Please find my crappy start here which outputs 30,60,90 days but only from one OU. PowerShell Inactive Computers






powershell active-directory







share|improve this question























  • what kind of accuracy do you need for the "last logon time"? as i recall, the LastLogon attribute is per DC and aint replicated. the only way to get full details is to query all your DCs for the LastLogon info and use the newest one. here's a nifty article on the ideas ... “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” | Ask the Directory Services Team — blogs.technet.microsoft.com/askds/2009/04/15/…

    – Lee_Dailey
    Dec 31 '18 at 4:13











  • to get all the OUs, it looks like you simply leave out the OU parameter. ///// also, you are querying 3 times for the LastLogon. i suspect you could query once for the minimum time span and then filter the results for the two longer time spans.

    – Lee_Dailey
    Dec 31 '18 at 4:14











  • There's a pre-built command that does this: the Search-AdAccount command from Microsoft's ActiveDirectory module. You'll probably have to filter out OUs you don't want but that's not difficult. You can use Export-Csv and Send-MailMessage to do the rest.

    – Bacon Bits
    Dec 31 '18 at 4:28
















0












0








0








I'm struggling to make a PowerShell script and can't find a complete solution online.



Basically the script needs to have multiple functionality:




  1. Needs to return inactive computer objects based on the LastLogon attribute for 30, 60, 90 days.

  2. Needs to return results from multiple OU's, not just one.

  3. Needs to exclude any OU with the word Laptop in it.

  4. Needs to email the results in a .csv to an email address.


Please find my crappy start here which outputs 30,60,90 days but only from one OU. PowerShell Inactive Computers






powershell active-directory







share|improve this question














I'm struggling to make a PowerShell script and can't find a complete solution online.



Basically the script needs to have multiple functionality:




  1. Needs to return inactive computer objects based on the LastLogon attribute for 30, 60, 90 days.

  2. Needs to return results from multiple OU's, not just one.

  3. Needs to exclude any OU with the word Laptop in it.

  4. Needs to email the results in a .csv to an email address.


Please find my crappy start here which outputs 30,60,90 days but only from one OU. PowerShell Inactive Computers






powershell active-directory




powershell active-directory






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 31 '18 at 3:59









Marcus BMarcus B

11




11













  • what kind of accuracy do you need for the "last logon time"? as i recall, the LastLogon attribute is per DC and aint replicated. the only way to get full details is to query all your DCs for the LastLogon info and use the newest one. here's a nifty article on the ideas ... “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” | Ask the Directory Services Team — blogs.technet.microsoft.com/askds/2009/04/15/…

    – Lee_Dailey
    Dec 31 '18 at 4:13











  • to get all the OUs, it looks like you simply leave out the OU parameter. ///// also, you are querying 3 times for the LastLogon. i suspect you could query once for the minimum time span and then filter the results for the two longer time spans.

    – Lee_Dailey
    Dec 31 '18 at 4:14











  • There's a pre-built command that does this: the Search-AdAccount command from Microsoft's ActiveDirectory module. You'll probably have to filter out OUs you don't want but that's not difficult. You can use Export-Csv and Send-MailMessage to do the rest.

    – Bacon Bits
    Dec 31 '18 at 4:28





















  • what kind of accuracy do you need for the "last logon time"? as i recall, the LastLogon attribute is per DC and aint replicated. the only way to get full details is to query all your DCs for the LastLogon info and use the newest one. here's a nifty article on the ideas ... “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” | Ask the Directory Services Team — blogs.technet.microsoft.com/askds/2009/04/15/…

    – Lee_Dailey
    Dec 31 '18 at 4:13











  • to get all the OUs, it looks like you simply leave out the OU parameter. ///// also, you are querying 3 times for the LastLogon. i suspect you could query once for the minimum time span and then filter the results for the two longer time spans.

    – Lee_Dailey
    Dec 31 '18 at 4:14











  • There's a pre-built command that does this: the Search-AdAccount command from Microsoft's ActiveDirectory module. You'll probably have to filter out OUs you don't want but that's not difficult. You can use Export-Csv and Send-MailMessage to do the rest.

    – Bacon Bits
    Dec 31 '18 at 4:28



















what kind of accuracy do you need for the "last logon time"? as i recall, the LastLogon attribute is per DC and aint replicated. the only way to get full details is to query all your DCs for the LastLogon info and use the newest one. here's a nifty article on the ideas ... “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” | Ask the Directory Services Team — blogs.technet.microsoft.com/askds/2009/04/15/…

– Lee_Dailey
Dec 31 '18 at 4:13





what kind of accuracy do you need for the "last logon time"? as i recall, the LastLogon attribute is per DC and aint replicated. the only way to get full details is to query all your DCs for the LastLogon info and use the newest one. here's a nifty article on the ideas ... “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” | Ask the Directory Services Team — blogs.technet.microsoft.com/askds/2009/04/15/…

– Lee_Dailey
Dec 31 '18 at 4:13













to get all the OUs, it looks like you simply leave out the OU parameter. ///// also, you are querying 3 times for the LastLogon. i suspect you could query once for the minimum time span and then filter the results for the two longer time spans.

– Lee_Dailey
Dec 31 '18 at 4:14





to get all the OUs, it looks like you simply leave out the OU parameter. ///// also, you are querying 3 times for the LastLogon. i suspect you could query once for the minimum time span and then filter the results for the two longer time spans.

– Lee_Dailey
Dec 31 '18 at 4:14













There's a pre-built command that does this: the Search-AdAccount command from Microsoft's ActiveDirectory module. You'll probably have to filter out OUs you don't want but that's not difficult. You can use Export-Csv and Send-MailMessage to do the rest.

– Bacon Bits
Dec 31 '18 at 4:28







There's a pre-built command that does this: the Search-AdAccount command from Microsoft's ActiveDirectory module. You'll probably have to filter out OUs you don't want but that's not difficult. You can use Export-Csv and Send-MailMessage to do the rest.

– Bacon Bits
Dec 31 '18 at 4:28














1 Answer
1






active

oldest

votes


















0














Since you are getting the required result, only thing being you need to iterate.



To get all the list of all OU's from AD you can use below command.



$OUs=Get-ADOrganizationalUnit -Filter *  | Select-Object -ExpandProperty DistinguishedName


To exclude any OU with the word Laptop in it, you can use below snippet.



$OUsWithoutLaptop=$OUs | where {$_ -notlike '*Laptop* '}


Then you can use the iteration as in the following sample.



foreach ($item in $OUsWithoutLaptop)

{

    $time = (Get-Date).Adddays(-60)

Get-ADComputer -SearchBase $item -Filter {LastLogon -lt $time -and enabled -eq $true} -Properties LastLogon, description| ? {$_.distinguishedname -notlike '*OU=SydLaptops,OU=SydComputers,OU=Sydney,DC=domain,DC=domain,DC=domain'} |

select-object Name,DistinguishedName, description, enabled,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.LastLogon)}} | export-csv $logfile60 -notypeinformation

}





share|improve this answer


























  • As an aside: the Get-ADOrganizationalUnit returns the property DistinghuishedName by default (along with City, Country, LinkedGroupPolicyObjects, ManagedBy, Name, ObjectClass, ObjectGUID, PostalCode, State and StreetAddress), so you should leave out the -Properties *.

    – Theo
    Jan 1 at 14:26











  • @Theo : it makes sense. Edited the same in the code.

    – Venkatakrishnan
    Jan 2 at 3:43











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53983460%2ffind-inactive-computer-objects-in-active-directory-from-multiple-ous%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Since you are getting the required result, only thing being you need to iterate.



To get all the list of all OU's from AD you can use below command.



$OUs=Get-ADOrganizationalUnit -Filter *  | Select-Object -ExpandProperty DistinguishedName


To exclude any OU with the word Laptop in it, you can use below snippet.



$OUsWithoutLaptop=$OUs | where {$_ -notlike '*Laptop* '}


Then you can use the iteration as in the following sample.



foreach ($item in $OUsWithoutLaptop)

{

    $time = (Get-Date).Adddays(-60)

Get-ADComputer -SearchBase $item -Filter {LastLogon -lt $time -and enabled -eq $true} -Properties LastLogon, description| ? {$_.distinguishedname -notlike '*OU=SydLaptops,OU=SydComputers,OU=Sydney,DC=domain,DC=domain,DC=domain'} |

select-object Name,DistinguishedName, description, enabled,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.LastLogon)}} | export-csv $logfile60 -notypeinformation

}





share|improve this answer


























  • As an aside: the Get-ADOrganizationalUnit returns the property DistinghuishedName by default (along with City, Country, LinkedGroupPolicyObjects, ManagedBy, Name, ObjectClass, ObjectGUID, PostalCode, State and StreetAddress), so you should leave out the -Properties *.

    – Theo
    Jan 1 at 14:26











  • @Theo : it makes sense. Edited the same in the code.

    – Venkatakrishnan
    Jan 2 at 3:43
















0














Since you are getting the required result, only thing being you need to iterate.



To get all the list of all OU's from AD you can use below command.



$OUs=Get-ADOrganizationalUnit -Filter *  | Select-Object -ExpandProperty DistinguishedName


To exclude any OU with the word Laptop in it, you can use below snippet.



$OUsWithoutLaptop=$OUs | where {$_ -notlike '*Laptop* '}


Then you can use the iteration as in the following sample.



foreach ($item in $OUsWithoutLaptop)

{

    $time = (Get-Date).Adddays(-60)

Get-ADComputer -SearchBase $item -Filter {LastLogon -lt $time -and enabled -eq $true} -Properties LastLogon, description| ? {$_.distinguishedname -notlike '*OU=SydLaptops,OU=SydComputers,OU=Sydney,DC=domain,DC=domain,DC=domain'} |

select-object Name,DistinguishedName, description, enabled,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.LastLogon)}} | export-csv $logfile60 -notypeinformation

}





share|improve this answer


























  • As an aside: the Get-ADOrganizationalUnit returns the property DistinghuishedName by default (along with City, Country, LinkedGroupPolicyObjects, ManagedBy, Name, ObjectClass, ObjectGUID, PostalCode, State and StreetAddress), so you should leave out the -Properties *.

    – Theo
    Jan 1 at 14:26











  • @Theo : it makes sense. Edited the same in the code.

    – Venkatakrishnan
    Jan 2 at 3:43














0












0








0







Since you are getting the required result, only thing being you need to iterate.



To get all the list of all OU's from AD you can use below command.



$OUs=Get-ADOrganizationalUnit -Filter *  | Select-Object -ExpandProperty DistinguishedName


To exclude any OU with the word Laptop in it, you can use below snippet.



$OUsWithoutLaptop=$OUs | where {$_ -notlike '*Laptop* '}


Then you can use the iteration as in the following sample.



foreach ($item in $OUsWithoutLaptop)

{

    $time = (Get-Date).Adddays(-60)

Get-ADComputer -SearchBase $item -Filter {LastLogon -lt $time -and enabled -eq $true} -Properties LastLogon, description| ? {$_.distinguishedname -notlike '*OU=SydLaptops,OU=SydComputers,OU=Sydney,DC=domain,DC=domain,DC=domain'} |

select-object Name,DistinguishedName, description, enabled,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.LastLogon)}} | export-csv $logfile60 -notypeinformation

}





share|improve this answer















Since you are getting the required result, only thing being you need to iterate.



To get all the list of all OU's from AD you can use below command.



$OUs=Get-ADOrganizationalUnit -Filter *  | Select-Object -ExpandProperty DistinguishedName


To exclude any OU with the word Laptop in it, you can use below snippet.



$OUsWithoutLaptop=$OUs | where {$_ -notlike '*Laptop* '}


Then you can use the iteration as in the following sample.



foreach ($item in $OUsWithoutLaptop)

{

    $time = (Get-Date).Adddays(-60)

Get-ADComputer -SearchBase $item -Filter {LastLogon -lt $time -and enabled -eq $true} -Properties LastLogon, description| ? {$_.distinguishedname -notlike '*OU=SydLaptops,OU=SydComputers,OU=Sydney,DC=domain,DC=domain,DC=domain'} |

select-object Name,DistinguishedName, description, enabled,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.LastLogon)}} | export-csv $logfile60 -notypeinformation

}






share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 2 at 3:42

























answered Dec 31 '18 at 4:15









VenkatakrishnanVenkatakrishnan

597718




597718













  • As an aside: the Get-ADOrganizationalUnit returns the property DistinghuishedName by default (along with City, Country, LinkedGroupPolicyObjects, ManagedBy, Name, ObjectClass, ObjectGUID, PostalCode, State and StreetAddress), so you should leave out the -Properties *.

    – Theo
    Jan 1 at 14:26











  • @Theo : it makes sense. Edited the same in the code.

    – Venkatakrishnan
    Jan 2 at 3:43



















  • As an aside: the Get-ADOrganizationalUnit returns the property DistinghuishedName by default (along with City, Country, LinkedGroupPolicyObjects, ManagedBy, Name, ObjectClass, ObjectGUID, PostalCode, State and StreetAddress), so you should leave out the -Properties *.

    – Theo
    Jan 1 at 14:26











  • @Theo : it makes sense. Edited the same in the code.

    – Venkatakrishnan
    Jan 2 at 3:43

















As an aside: the Get-ADOrganizationalUnit returns the property DistinghuishedName by default (along with City, Country, LinkedGroupPolicyObjects, ManagedBy, Name, ObjectClass, ObjectGUID, PostalCode, State and StreetAddress), so you should leave out the -Properties *.

– Theo
Jan 1 at 14:26





As an aside: the Get-ADOrganizationalUnit returns the property DistinghuishedName by default (along with City, Country, LinkedGroupPolicyObjects, ManagedBy, Name, ObjectClass, ObjectGUID, PostalCode, State and StreetAddress), so you should leave out the -Properties *.

– Theo
Jan 1 at 14:26













@Theo : it makes sense. Edited the same in the code.

– Venkatakrishnan
Jan 2 at 3:43





@Theo : it makes sense. Edited the same in the code.

– Venkatakrishnan
Jan 2 at 3:43


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53983460%2ffind-inactive-computer-objects-in-active-directory-from-multiple-ous%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Monofisismo

Image
Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri...
Read more

Angular Downloading a file using contenturl with Basic Authentication

Image
0 I have a contentUrl when user clicks on that,file should be downloaded. If I try to browse the contentUrl in the browser it asks for Userid and password.I believe this is Basic Authentication.I dont want user to enter UserId and Password so I am passing it Authorization(Please see below code). Url looks some thing like this: http://XXX.XXX.XX.XXX:8080/flowable-rest/service/runtime/tasks/90875/attachments/90555/content let username : string = 'admin'; let pwd : string = 'test'; let headers = new Headers(); headers.set('Accept', 'text/json'); headers.append('Content-Type', 'application/json'); headers.set('Access-Control-Allow-Origin', '*'); headers.set('Access-Control-Allow-Methods','POST, GET, OPTIONS, PUT, DELETE'); head...
Read more

Olmecas

Image
Monumento 1, uma das quatro cabeças colossais encontradas em La Venta, com altura aproximada de 3 metros Olmecas é a designação do povo e da civilização que estiveram na origem da antiga cultura pré-colombiana da Mesoamérica e que se desenvolveram nas regiões tropicais do centro-sul do atual México durante o pré-clássico, próximo de onde hoje estão localizados os estados mexicanos de Veracruz e Tabasco, no Istmo de Tehuantepec, numa zona designada área nuclear olmeca. A cultura olmeca floresceu nesta região aproximadamente entre 1500 e 400 a.C., [ 1 ] e crê-se que tenha sido a civilização-mãe de todas as civilizações mesoamericanas que se desenvolveram posteriormente. [ 2 ] No entanto, desconhece-se a sua exacta filiação étnica, ainda que existam numerosas hipóteses colocadas para tentar resolver esta questão. O etnónimo olmeca foi cunhado pelos arqueólogos do século XX, e não devem confundir-se com os muito posteriores olmecas-xicalancas que ocuparam vários locais do México...
Read more