Reputation: 41
Trying to disable inactive AD Computers using Powershell using dsquery
I know this has already been done a thousand times using Get-AdComputer but I'm trying to do it using dsquery and pipe. I want to limit my query to a single parent OU. Here's what I've got:
dsquery computer "OU=Workstations,OU=Domain Computers,DC=Contoso,DC=local" -o dn -inactive 4
As expected this gives me a list of computer distinguished names. Move-Object can only take a distinguished name or a GUID. I am piping it out like this:
dsquery computer "OU=Workstations,OU=Domain Computers,DC=Contoso,DC=local" -o dn -inactive 4 | Move-ADObject -TargetPath "OU=4WEEKS,OU=Decommissioned,OU=Domain Computers,DC=Contoso,DC=local"
I am getting the following error for each distinguished name:
Move-ADObject : Cannot find an object with identity: '"CN=COMPUTER1,OU=TEST,OU=Workstations,OU=Domain Computers,DC=Contoso,DC=local"' under: 'DC=contoso,DC=local'.
So then I've tried moving them by GUID:
$4weeks = dsquery computer "OU=Workstations,OU=Domain Computers,DC=contoso,DC=local" -o rdn -inactive 4
This command does display a list of GUIDs:
$4weeks.replace("`"","") | Get-ADComputer -properties * | select Objectguid |
Then I'm piping it like this:
$4weeks.replace("`"","") | Get-ADComputer -properties * | select Objectguid | Move-ADObject -TargetPath "OU=4WEEKS,OU=Decommissioned,OU=Domain Computers,DC=contoso,DC=local"
And I'm not passing through the Identity parameter properly.
Move-ADObject : Cannot validate argument on parameter 'Identity'. The Identity property on the argument is null or empty.
Any suggestions? I'm a bit new at piping.
Thanks!
Upvotes: 1
Views: 716
Answers (1)
Reputation: 8868
If you're using dsquery to find the computers, why not use dsmod/dsmove to complete the task?
for /f %i in ('dsquery computer "OU=Workstations,OU=Domain Computers,DC=contoso,DC=local" -inactive 4') do (
dsmod computer %i -disabled yes
dsmove %i -newparent "OU=4WEEKS,OU=Decommissioned,OU=Domain Computers,DC=Contoso,DC=local"
)
Note To use this in a batch file you need to double up %
To answer your specific question, you'd need to construct an object before piping as powershell expects objects to come down the pipeline. It's probably easier to just use the text through a Foreach-Object loop
dsquery computer "OU=Workstations,OU=Domain Computers,DC=Contoso,DC=local" -o dn -inactive 4 | Foreach-Object {
Move-ADObject -Identity ($_ -replace '"') -TargetPath "OU=4WEEKS,OU=Decommissioned,OU=Domain Computers,DC=Contoso,DC=local" -PassThru |
Set-ADComputer -Enabled $false
}
Note The double quotes that dsquery adds to the distinguished name need to be removed. That is why -Identity ($_ -replace '"') is present
Upvotes: 1
Related Questions
- Trying to Pull list of computers from AD via powershell
- Get-ADComputer -Filter
- Filtering inactive AD user from cmdlet result?
- PowerShell one-liner to find inactive computers in AD
- List of active directory group members that are not disabled
- Cannot create filter for AD based on whether or not a device is disabled
- Powershell: Find all computers in AD but exclude certain OU's
- How to remotely delete an AD-Computer from Active Directory - Powershell
- Powershell strip computer name from dsquery
- Using PowerShell to get all active-domain computers