Tuesday, 24 August 2010

Find and disable old computer objects in AD

If you need to find computer objects in AD that are no longer in use and then disable them, this command could be useful:

dsquery computer -stalepwd xx | dsmod computer -disabled yes [-desc "Disabled because its password is stale"]

This queries the domain for computer objects whose password has been stale for more than xx days, then modifies those objects so they are disabled, and optionally sets a description on each object with some text.

It would be best to run the query part first (to check its output!) before piping the output to dsmod :)
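
The check-then-disable sequence recommended above, split into two stages as a batch file. This is an added example, not part of the original post; the 90-day threshold and the file name are assumptions chosen for illustration.

```bat
@echo off
rem Added example: two-stage version of the one-liner above.
rem DAYS and LIST are illustrative assumptions; adjust them for your domain.
setlocal
set DAYS=90
set LIST=stale-computers.txt

rem Stage 1: query only, nothing is modified.
rem -limit 0 lifts dsquery's default cap of 100 results so the list is complete.
dsquery computer -stalepwd %DAYS% -limit 0 > "%LIST%"

rem Show the distinguished names found and how many objects would be touched.
type "%LIST%"
find /c /v "" "%LIST%"

rem Stage 2: runs only after the list has been reviewed and confirmed.
set /p ANSWER=Disable the computers listed in %LIST%? (yes/no) 
if /i not "%ANSWER%"=="yes" goto :eof

rem dsmod reads the target DNs from standard input when none are given.
type "%LIST%" | dsmod computer -disabled yes -desc "Disabled because its password is stale"
endlocal
```

The list is a plain text file of distinguished names, so lines for machines that should stay enabled can be deleted from it before answering yes. Note that -desc replaces any description already set on the object.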
