Stale Computer Accounts

Posted by Brajesh Panda on July 23, 2012

Below script will help us to determine if the computer account is a stale account. I have “Quest Active Roles Management Shell for Active Directory”.

I am importing computer names from computers.txt; Using Quest PowerShell cmdlet to select specific required attributes, calculating & sorting as per password. Lastly exporting to CSV file.

Get-Content .\computers.txt | ForEach {Get-QADComputer -IncludeAllProperties $_ | select name, pwdlastset, lastLogonTimestamp, @{n=”PWAge”;e={((get-date)- $_.pwdLastSet).days}}, whencreated, WhenChanged, operatingSystem, operatingSystemVersion, dNSHostName, distinguishedName, Guid, Sid} | sort PWAge -desc | Export-Csv cmp1.csv -NoTypeInformation –Force

Search Active Directory for stale computer accounts which didn’t report from last 90days;

$StaleAge = (Get-Date).AddDays(-90)
Get-QADComputer -IncludeAllProperties -SizeLimit 0 | where {$_.pwdLastSet -le $StaleAge -and $_.operatingSystem -notlike “*Server*”} |select name, AccountIsDisabled, pwdlastset, lastLogonTimeStamp, @{n=”PasswordAge”;e={((get-date)- $_.pwdLastSet).days}}, whencreated, WhenChanged, operatingSystem, operatingSystemVersion, dNSHostName, ParentContainer | sort ParentContainer -desc | Export-Csv -NoTypeInformation c:\StaleComputerAccounts.csv

“-notlike” filters server operating sytem computer accounts

“AccountIsDisabled” shows which computer accounts are already disabled.

If you have large number of computer accounts; it is going to take a while. So you may like to send the output using a mail script;  Make sure your mail server can relay mails from the machine where you are running/scheduling the script

Send-MailMessage –From “” –To “” –Subject “Stale Computer Accounts (Workstations)” –Body “Find the attached stale computer accounts list. These computers were not reported to Contoso domain from last 90days or more. Please make sure your allocated Organizational Units & Default Computer container is cleaned.” -Attachments “c:\StaleComputerAccounts.csv” –SmtpServer

Here is a nice article


