Previously I wrote about how we manage to keep Active Directory clean, which in turn helps keep ConfigMgr clean by deprecating old machine objects. Instead of rehashing, you can just read the original post to understand its full purpose.
A major change in this new version is that it adds support for SCCM. If you do not use SCCM then do not move to this one as there is no SCCM=True switch to enable/disable that functionality.
By pulling from ConfigMgr the emails are more useful.
Disabled computer account ABC12345. Last SCCM Inventory:9/5/2016 9:35 PM. Primary User:kfason. Account was moved on 8/8/2016 1:44:43 PM. Description: ::Account Automatically Moved - [8/8/2016 1:44:43 PM] ABC12345 was moved to ou=Disabled,ou=ADCleanup,DC=mydomain,DC=local. Updated the description for account ABC12345.
The flow was changed to be more streamlined as well with this order:
- Delete machine objects that are at that date
- Disable any Active machine objects (that were already moved) that are past its date
- Move any machine objects into ADCleanup that have not touched the domain since its date
- Move any machine objects (out of ADCleanup) that have touched the domain back to where the script found them
- Move any enabled machine objects out of the Disabled OU back to where it found them
Disabled computer account ABC12345 does not have correct disabled time stamp.
Cleaned up description field for CBA54321.
This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script. Always test, test, test before rolling anything into a production environment.
You can get the updated script here.