使用PowerShell命令查询Active Directory中长时间没有登录计算机帐户。本文章以60天为例,大家可以根据需要修改。
下面给出脚本:
# This PowerShell Command will query Active Directory and return the computer accounts which have not logged for the past
# 60 days. You can easily change the number of days from 60 to any number of your choosing. lastLogonDate is a Human
# Readable conversion of the lastLogonTimeStamp (as far as I am able to discern. More details about the timestamp can
$then = (Get-Date).AddDays(-60) # The 60 is the number of days from today since the last logon.
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $then} | FT Name,lastLogonDate
# If you would like to Disable these computer accounts, uncomment the following line:
# Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $then} | Set-ADComputer -Enabled $false
# If you would like to Remove these computer accounts, uncomment the following line:
# Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $then} | Remove-ADComputer
转载于:https://blog.51cto.com/3032439/1855878