Script Repository


Deprovision all computers managed by a user

October 06, 2015
1017

The script disables all computers managed by a user and moves them to a dedicated Organizational Unit for disabled computers. To use it as a part of a Business Rule, Scheduled Task, or Custom Command, you need to add the Run a program or PowerShell script action that executes the script.

Note: The script uses cmdlets from Adaxes PowerShell module for Active Directory. To run it, you need to install the PowerShell Module for Active Directory component of Adaxes.

Parameters:

  • $targetOUDN - specifies the Distinguished Name (DN) of the Organizational Unit where the disabled computer accounts will be moved.
Edit Remove
PowerShell
Import-Module Adaxes

$targetOUDN = "OU=Disabled Computers,OU=Workstations,DC=domain,DC=com" # TODO: modify me

$computers = Get-AdmComputer -LdapFilter "(managedBy=%distinguishedName%)" `
    -AdaxesService localhost
    
if ($computers -eq $NULL)
{
    return
}

# Bind to the target Organizational Unit
$targetOU = $Context.BindToObjectByDN($targetOUDN)

foreach ($computerID in $computers)
{
    # Bind to the computer
    $computer = $Context.BindToObjectByDN($computerID)

    # Update Computer Account
    $computer.Put("description", $description)
    $computer.Put("managedBy", $NULL)
    $computer.AccountDisabled = $True
    
    # Save changes
    $computer.SetInfo()
    
    # Move the computer account
    $targetOU.MoveHere($computer.AdsPath, $NULL)
}

Comments ( 0 )
No results found.
Leave a comment