Tag Archives: AD

Powershell to disable unused computer AD accounts.

Here is a powershell script that can be used to cleanup old computer AD accounts:

Import-Module ActiveDirectory

$date = get-date

$systems = Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan 365

foreach($computer in $systems){

$computer | select-object Name, OperatingSystem, DistinguishedName, LastLogonTimeStamp >> “C:\Scheduled Tasks\AD Cleanup\SystemInfo.csv”

$computer | disable-adaccount

$computer | move-adobject -targetpath “ou=Dormant Computers,dc=xxxx,dc=xxx”

write-host “$computer will be moved to Dormant computers”


First we load the Active Directory Module into Powershell. This has to be added as a Winodws Feature first.
Then we search the AD for all computer accounts which have been inactive for the last 365 days.
In the foreach loop we write the name of the server and LastLogonDate to a csv file to keep as a log.
Then we disable the account and move it to a OU where we keept disabled accounts.
Last we output a stsus message to the console.

Staffan Olofsson