AD Maintenance via PowerShell

Developed By: Mario Eirea. Advisor: Dr. S. Masoud Sadjadi, School of Computing and Information Sciences, Florida International University. meire001@fiu.edu http://www.cs.fiu.edu/~sadjadi/


Presentation Transcript


  1. AD Maintenance via PowerShell
     Developed By: Mario Eirea
     Advisor: Dr. S. Masoud Sadjadi
     School of Computing and Information Sciences, Florida International University
     meire001@fiu.edu http://www.cs.fiu.edu/~sadjadi/

  2. Agenda
     • Problem and Motivation
     • Solution
     • Behind the Scene
     • Customizing the Solution
     • Disclaimer
     • Progress Report

  3. Problem and Motivation
     • A common problem in corporate IT environments that house Active Directory (AD) domains is that many computers are added to and removed from the domain. Over time, this can lead to a bloated AD that contains hundreds or thousands of unorganized or expired accounts.

  4. Solution
     • Using a PowerShell script, one can crawl through the AD and check parameters such as last logon time and computer name to sort and move computers. The computers can be organized or removed according to corporate policies.

  5. Behind the Scene
     • The PowerShell script will search through the AD using the cmdlets:
       • Get-ADOrganizationalUnit
       • Get-ADComputer
     • It will then move computers into the appropriate OUs with Move-ADObject.
     • The primary logic will revolve around the properties “Name” and “lastLogonTimestamp”.
     • The first 4 characters of the computer's name will be matched to an OU code. When a match is detected, the script will move the computer to the “Computers” OU inside the matching parent OU.
     • “lastLogonTimestamp” will be used as the basis for computer activity. When this value exceeds 246 days, the computer will be moved to an OU named “Offline” and the account deactivated. Once the computer has been offline for more than 365 days, it will be removed from the domain.

  6. Customizing the Solution
     • The source for this script will be freely available, which allows customization of all aspects of its operation. By changing the variables that control computer name matching or logon time, the script can be adapted to varying corporate requirements.

  7. Disclaimer
     • This PS script is very dependent on rigid AD design specifications.
     • Using any script that manipulates mass quantities of data can be dangerous and destructive. Please make sure the script is tested thoroughly in non-production environments before deploying it into production.

  8. Progress Report
     • Initial script is completed. Testing functionality.
     • Need to complete training video and documentation.
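
The logic described on slide 5, with the testing caution from slide 7 built in as a dry-run default, could look like the sketch below. This is an added example, not the presentation's script: the domain DN `DC=example,DC=com`, the location of the “Offline” OU, the assumption that each parent OU is named by its 4-character code, and the `-Apply` switch are all assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the presentation's script. Domain DN, OU names and the
# dry-run default are assumptions; thresholds are the ones given on slide 5.
[CmdletBinding()]
param(
    [string]$SearchBase = 'DC=example,DC=com',          # placeholder domain
    [string]$OfflineOu  = "OU=Offline,$SearchBase",     # assumed location
    [int]$DisableAfterDays = 246,
    [int]$RemoveAfterDays  = 365,
    [switch]$Apply                                      # omit for a dry run
)
$whatIf = -not $Apply
$now    = (Get-Date).ToUniversalTime()

# OU code (assumed to be the 4-character OU name) -> its child "Computers" OU.
$targets = @{}
Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase |
    Where-Object { $_.Name.Length -eq 4 } |
    ForEach-Object { $targets[$_.Name.ToUpper()] = "OU=Computers,$($_.DistinguishedName)" }

$computers = Get-ADComputer -Filter * -SearchBase $SearchBase -Properties lastLogonTimestamp
foreach ($c in $computers) {
    # Never-logged-on accounts have no timestamp: report them, do not guess an age.
    if (-not $c.lastLogonTimestamp) {
        Write-Warning "$($c.Name): no lastLogonTimestamp, left untouched"
        continue
    }
    $idleDays = ($now - [DateTime]::FromFileTimeUtc($c.lastLogonTimestamp)).Days
    $parentDn = ($c.DistinguishedName -split '(?<!\\),', 2)[1]   # DN minus the CN
    $code     = if ($c.Name.Length -ge 4) { $c.Name.Substring(0, 4).ToUpper() }

    if ($idleDays -gt $RemoveAfterDays) {
        # No -Confirm:$false here, so any confirmation prompt stays in place.
        Remove-ADComputer -Identity $c -WhatIf:$whatIf
    }
    elseif ($idleDays -gt $DisableAfterDays) {
        Disable-ADAccount -Identity $c -WhatIf:$whatIf
        if ($parentDn -ne $OfflineOu) {
            Move-ADObject -Identity $c -TargetPath $OfflineOu -WhatIf:$whatIf
        }
    }
    elseif ($code -and $targets.ContainsKey($code) -and $parentDn -ne $targets[$code]) {
        Move-ADObject -Identity $c -TargetPath $targets[$code] -WhatIf:$whatIf
    }
}
```

Run without `-Apply`, every change is only reported through `-WhatIf`, which gives a reviewable list of moves, disables and removals before anything is touched. By default `lastLogonTimestamp` is replicated between domain controllers only when the stored value is roughly 9 to 14 days old, so it suits coarse thresholds like 246 and 365 days rather than precise last-logon checks.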
