Script Repository


Deprovision all computers managed by a user

February 25, 2021
1576

The script disables all computers managed by a user and moves them to a dedicated Organizational Unit for disabled computers. To use it as a part of a business rule, scheduled task, or custom command, you need to add the Run a program or PowerShell script action that executes the script.

Note: The script uses cmdlets from Adaxes PowerShell module for Active Directory. To run it, you need to install the PowerShell Module for Active Directory component of Adaxes.

Parameters:

  • $targetOUDN - Specifies the distinguished name (DN) of the Organizational Unit where the disabled computer accounts will be moved.
Edit Remove
PowerShell
Import-Module Adaxes

$targetOUDN = "OU=Disabled Computers,OU=Workstations,DC=domain,DC=com" # TODO: modify me

$computers = Get-AdmComputer -LdapFilter "(managedBy=%distinguishedName%)" `
    -AdaxesService localhost
    
if ($computers -eq $NULL)
{
    return
}

# Bind to the target Organizational Unit
$targetOU = $Context.BindToObjectByDN($targetOUDN)

foreach ($computerID in $computers)
{
    # Bind to the computer
    $computer = $Context.BindToObjectByDN($computerID)

    # Update Computer Account
    $computer.Put("description", $description)
    $computer.Put("managedBy", $NULL)
    $computer.AccountDisabled = $True
    
    # Save changes
    $computer.SetInfo()
    
    # Move the computer account
    $targetOU.MoveHere($computer.AdsPath, $NULL)
}

Comments ( 0 )
No results found.
Leave a comment