Today I had an active directory with many old computer accounts. I was looking for a good and nice PowerShell command to get all the old computers accounts in my screen. who hadn’t login for a long time.
Logon to the Domain controller > Go to the Active Directory Module for Windows PowerShell and use it with the administrative rights.
[ This one you can find under Administrative Tool > Active Directory Module for Windows PowerShell ]
To find old computer accounts use the following PowerShell command:
get-adcomputer -properties lastLogonDate -filter * | where { $_.lastLogonDate -lt (get-date).addmonths(-12) } | sort Name | FT Name,LastLogonDate
When you have used this account you will see a long list with old computer accounts.
And to delete the old computer accounts:
get-adcomputer -properties lastLogonDate -filter * | where { $_.lastLogonDate -lt (get-date).addmonths(-12) } | Remove-ADComputer
When you have entered command you get a question if you are really sure. ( enter the letter A for all accounts )
You will see that the active directory will be emptied with these old computer accounts.
I see that the Powershell Active Directory Module is not availbable for Windows Server 2008?
You have to look in administratieve tools. Or you have to install a new role or feature. I can’t say it right now where to install but it’s one of above.