PowerShell: disable AD computer accounts that have not logged on for 60 days
This script cleans up the Active Directory computer database by disabling machines that have not connected to Active Directory for more than 60 days.
Note that you can modify it to:
- Use a delay longer or shorter than 60 days
- Delete a computer account instead of disabling it (by replacing the Disable-ADComputer command with Remove-ADComputer)
- Define machines that must not be affected (with the filter -and (Name -notlike "SRV*"), which means that machines whose name starts with "SRV" are not taken into account)
To use this code, create a .ps1 file and copy and paste the code below into it:
```powershell
#=================================
# Purge script for AD PCs inactive for 60+ days
#
# source : www.oameri.com
#=================================
#==== Variables
#=================================
    $DaysInactive = 60 # maximum number of days
    $Time = (Get-Date).AddDays(-($DaysInactive))

    $CSVfile = "c:\script\OLD_Computer_ToDel.csv"

    $iM = 0 # counter of removed machines / reset to 0 before the loop for counting
    $TodayTime = Get-Date -UFormat %d-%m-%Y

    $RapportTxt = 'c:\script\' + $TodayTime + '_log_purge_AD.txt'

#================================= Header of the report to generate
    echo "#=================================" > $RapportTxt
    echo "# Report on $TodayTime" >> $RapportTxt
    echo "#=================================" >> $RapportTxt
    echo " Computer desactivated : " >> $RapportTxt
#================================= Retrieve the old machines
    Import-Module ActiveDirectory
# Retrieve all AD machines whose last logon is older than the given time and whose name does not start with SRV, and export them to CSV
    $ComputerToDel = Get-ADComputer -Filter {(LastLogonTimeStamp -lt $Time) -and (Name -notlike "SRV*")} -Properties Name, LastLogonTimeStamp | Export-Csv $CSVfile -NoTypeInformation

#================================= Process the CSV extract
    $CSVImport = Import-Csv $CSVfile -Delimiter ","

    ForEach ($Ordinateur in $CSVImport) {
        $Name = $($Ordinateur.Name)
        echo $Name >> $RapportTxt
#================================= Disable each machine as it is read
        Disable-ADComputer -Identity $Name -Confirm:$false
        $iM++ # increment the counter
    }
#================================= End of the report to generate
    echo "#=================================" >> $RapportTxt
    echo "$iM Computer have been Desactivated" >> $RapportTxt
    echo "#=================================" >> $RapportTxt
#================================= Send the report by email
$MailTo = "destinataire@free.fr"
$MailCC = "copiecarbone@free.fr"
$MailFrom = "Machine desactive de l'AD < expediteur@free.fr >"
$MailSmtp = "smtp.free.fr"

Send-MailMessage -From $MailFrom -To $MailTo -Cc $MailCC -Subject "AD - Purge des Workstations" -Body "Voir le fichier de log en PJ" -Attachments $RapportTxt -SmtpServer $MailSmtp
```
Before using it, remember to modify the script's variables:
- $DaysInactive :
- $CSVfile : enter the name of your Active Directory domain controller
- $RapportTxt : enter the full path to your output .txt file
As well as the variables for the mail settings:
- $MailTo : email address of the recipient
- $MailCC : email address of the carbon copy
- $MailFrom : email address of the sender
- $MailSmtp : SMTP server used for sending
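A dry-run variant of the selection and disable steps, as an added example that is not the original author's script: it lists enabled accounts older than the threshold, reports accounts that never logged on separately, and changes nothing unless -Apply is passed. The parameter names ($Exclude, $Apply) are choices made for this example.

```powershell
# Added example, not the original script. Parameter names are assumptions.
param(
    [int]$DaysInactive = 60,
    [string]$Exclude = 'SRV*',
    [switch]$Apply          # without -Apply nothing is modified (dry run)
)

Import-Module ActiveDirectory
$Cutoff = (Get-Date).AddDays(-$DaysInactive)

# Enabled accounts only, so already disabled machines are not counted again.
# LastLogonDate is the DateTime form of lastLogonTimestamp exposed by the module.
$Candidates = Get-ADComputer -Filter "Enabled -eq `$true -and Name -notlike '$Exclude'" `
    -Properties LastLogonDate

# lastLogonTimestamp is replicated lazily: with default settings the stored value
# can be up to 14 days older than the real last logon, so keep the threshold
# comfortably above that margin.
$Stale = $Candidates | Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $Cutoff }

# Accounts with no timestamp never logged on (for example freshly pre-staged
# machines). They are reported, not disabled.
$NeverLoggedOn = $Candidates | Where-Object { -not $_.LastLogonDate }

$Stale | Sort-Object LastLogonDate |
    Select-Object Name, LastLogonDate, DistinguishedName |
    Format-Table -AutoSize | Out-String | Write-Host

foreach ($Computer in $Stale) {
    # The distinguished name is unambiguous, unlike a bare name read back from a CSV.
    Disable-ADComputer -Identity $Computer.DistinguishedName -Confirm:$false `
        -WhatIf:(-not $Apply.IsPresent)
}

"{0} stale, {1} never logged on, applied = {2}" -f @($Stale).Count, @($NeverLoggedOn).Count, $Apply.IsPresent
```

Run it once without -Apply and review the table before running it again with -Apply.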
Careful, a '}' is missing after "(Name -notlike "SRV*")"
Thanks for sharing!