Script Repository

Deprovision computers

February 25, 2021

This script deprovisions an Active Directory computer account associated with a user. You can use it as a part of the user deprovisioning process. For information on how to add it to the built-in Deprovision custom command, see Configure User Deprovisioning.

To use the script as a part of a business rule, scheduled task, or custom command, you need to add the Run a program or PowerShell script action that executes the script.


  • $targetOUDN - Specifies the distinguished name (DN) of the Organizational Unit where disabled computers are located.

Note: The script uses cmdlets from the Adaxes PowerShell module for Active Directory. To run it, you need to install the PowerShell Module for Active Directory component of Adaxes.
Import-Module Adaxes

$targetOUDN = "OU=DisabledByAutomation,DC=domain,DC=com" # TODO: modify me

$accountName = "%samAccountName%"
$expirationDate = [System.DateTime]::Now

# Get user domain name
$domainName = $Context.GetObjectDomain("%distinguishedName%")

# Build search filter
# Prefix match: selects every computer whose name starts with the user's account name
$filter = "name -like '$accountName*'"
# Search the user's computer
$computers = Get-AdmComputer -Filter $filter -Server $domainName -AdaxesService localhost

if ($null -eq $computers)
{
    $Context.LogMessage("No computers", "Warning") # TODO: modify me
    return
}

foreach ($computer in $computers)
{
    # Disable computer account
    Disable-AdmAccount -Identity $computer.DistinguishedName -Server $domainName -AdaxesService localhost
    # Set account expiration date and change description
    Set-AdmComputer -Identity $computer.DistinguishedName -Description "Deprovisioned on %datetime% by %initiator%. %description%" `
        -AccountExpirationDate $expirationDate -Server $domainName -AdaxesService localhost
    # Move the computer to the target OU ($targetOUDN)
    Move-AdmObject -Identity $computer.DistinguishedName -TargetPath $targetOUDN -Server $domainName -AdaxesService localhost
}
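
The search filter in the script is a prefix match, so an account name that is itself the beginning of another account name can select that other user's computers too. The following added example (not part of the original script; Get-PrefixMatchReport and every name in the sample data are hypothetical and constructed) applies the same -like test offline and flags matches that also fit a longer account name, so they can be reviewed before the script disables them.

```powershell
# Added example: runs on constructed data, no directory access needed.
function Get-PrefixMatchReport {
    param(
        [Parameter(Mandatory)] [string]   $AccountName,       # account being deprovisioned
        [Parameter(Mandatory)] [string[]] $ComputerNames,     # candidate computer names
        [string[]] $OtherAccountNames = @()                   # accounts that stay active
    )

    # Same test the script's filter applies: name -like '<account>*'
    $pattern = [System.Management.Automation.WildcardPattern]::Escape($AccountName) + '*'

    foreach ($name in $ComputerNames) {
        if ($name -notlike $pattern) { continue }

        # A longer account name that is also a prefix of the computer name
        # means the computer may belong to that other user.
        $rivals = @($OtherAccountNames | Where-Object {
            $_.Length -gt $AccountName.Length -and
            $name -like ([System.Management.Automation.WildcardPattern]::Escape($_) + '*')
        })

        [pscustomobject]@{
            Computer  = $name
            Ambiguous = ($rivals.Count -gt 0)
            AlsoFits  = ($rivals -join ', ')
        }
    }
}

# Constructed sample data (not taken from any real directory)
$sampleComputers = 'JSMITH-LT01', 'JSMITHSON-PC', 'JSMITH2-VM', 'ADAVIS-LT07'
$sampleAccounts  = 'jsmithson', 'jsmith2', 'adavis'

Get-PrefixMatchReport -AccountName 'jsmith' `
    -ComputerNames $sampleComputers `
    -OtherAccountNames $sampleAccounts |
    Format-Table -AutoSize
```

Rows with Ambiguous set to True are the ones to confirm by hand, or to exclude with a stricter filter that fits your own computer naming convention.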
