I need to export the object location of servers from a list. I have tried using the following script, but it only checks the mentioned OU. How can I search the entire domain and export the canonical name of the object to a CSV?

Get-ADObject -Filter 'Name -like "*"' -Searchbase 'OU=ManagedGroups,DC=Fabrikam,DC=com' | Export-CSV ExportOU.csv
Cory Knutson
JJJJNR

1 Answer

Get-ADObject will give you way more information than you typically want; however, this is what you are asking for.

Get-AdObject -Filter * | Export-CSV "ExportOU.csv" -NoTypeInformation

I would be glad to help you get a reasonable query if you would like to describe what you are trying to do.


To find AD Computer objects, use:

Get-ADComputer -Filter * | Export-CSV "ExportOU.csv" -NoTypeInformation

For cleaning old computer accounts, I recommend something like below. I wrote this a while ago to look for any computer objects that have not been "Logged Into" or connected to the domain in a specified amount of time. IT DOES REQUIRE an "Inactive" OU to be in the root of the domain (or just inside the level that you point the function at).

Import-Module ActiveDirectory

function Disable-AdInactiveUsers {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [string]$OuPath,

        [int]$MonthsInactive = 13
        )
    Write-Verbose "Looking for computer accounts older than $MonthsInactive months"
    Write-Verbose "Processing: $OuPath"

    if ($MonthsInactive -gt 0) 
    {
        $MonthsInactive = $MonthsInactive * -1
    }

    # Get computers inside a specific OU with the needed properties
    $users = Get-ADComputer -Filter * -Properties LastLogonDate,Description,MemberOf,Info,Created -SearchScope Subtree -SearchBase $OuPath

    # Create an array and filter the computers by last logon, only enabled accounts, and not created recently
    $inactive = @()
    $inactive += $users | Where-Object {$_.LastLogonDate -lt (Get-Date).AddMonths($MonthsInactive) -and ($_.Enabled -eq "True") -and ($_.Created -lt (Get-Date).AddMonths($MonthsInactive))} 

    # List computers here that should be ignored, make sure to have at least two entries. They can both be "".
    $whitelist = "DC1",""

    $processedUsers = @()
    $skippedServers = @()

    if ($inactive.Count -gt 0){
        Write-Verbose "- Found inactive computer accounts:"

        # This ForEach loop adds their group memberships to the notes field, then removes group memberships
        $inactive | ForEach-Object {
            # If computer is whitelisted, skip this loop (compare on Name: a computer's samAccountName ends in "$")
            if ($whitelist -contains $_.Name) {Write-Verbose "- Skipping whitelisted computer: $($_.Name)"; return}

            # If computer is in a server OU, skip
            if ($_.DistinguishedName -like "*Server*") {$skippedServers += $_ ;Write-Verbose "- Skipping Server: $($_.Name)"; return}


            Write-Verbose "- - Computer: $($_.Name) `tLastLogon: $($_.LastLogonDate)"

            # Add notes for original location, group memberships, and LastLogonDate
            $notes = "Orig Path: `r`n$($_.DistinguishedName) `r`n`r`nMemberships: `r`n$($_.MemberOf -join "`r`n") `r`n`r`nLastLogon: $($_.LastLogonDate)`r`n$($_.Info)"
            # The objects come from Get-ADComputer, so update them with Set-ADComputer
            Set-ADComputer $_ -Description $("Disabled $(Get-Date -Format yyyy-MM-dd) (Inactive) - " + $_.Description) -Replace @{info=$notes}

            # Add current computer to the output
            $processedUsers += $_
        }

        Write-Verbose "- Disabling inactive accounts..."
        $processedUsers | Disable-ADAccount

        Write-Verbose "- Moving inactive objects..."
        $processedUsers | Move-ADObject -TargetPath "OU=Inactive,$OuPath"

        Write-Host "Done. These Servers were skipped:"
        Write-Host $($skippedServers.Name)

        $processedUsers
    }
    else {
        Write-Verbose "No inactive accounts found."
    }

    Write-Verbose ""
}

# Create an empty container for the users that get disabled
$DisabledUsers = @()

$DisabledUsers += Disable-AdInactiveUsers -OuPath "DC=Example,DC=com"

# If users were disabled, build and send an email with user information
if($DisabledUsers.Count -gt 0) {
    $emailBody = "<head>
<style>
table{
  border-collapse: collapse;
  border: 1px solid black;
}
th,td {
  border-color:black;
  border-width:1px;
  border-style:solid;
  padding: 5px;
}
</style>
</head>
<body>
 <p>These users have been disabled for inactivity:</p> 
 <table>
   <tr>
     <td>Computer</td>
     <td>LastLogon</td>
     <td>DN</td>
   </tr>"

    $DisabledUsers | ForEach-Object {$emailBody = $emailBody + "`r`n  <tr>`r`n    <td>$($_.Name)</td>`r`n    <td>$($_.LastLogonDate)</td>`r`n    <td>$($_.DistinguishedName)</td>`r`n  </tr>" }
    $emailBody = $emailBody + "`r`n </table>`r`n <p>Sent via script on $($env:COMPUTERNAME)</p>`r`n</body>"

    Send-MailMessage -SmtpServer "mail.example.com" -To "user@example.com" -From "script@example.com" -Subject "[Script] Computers ($($DisabledUsers.Count)) disabled due to inactivity" -Body $emailBody -BodyAsHtml
}
Cory Knutson
Hi. I'm trying to find the OU of a ton of AD computer accounts I am trying to decom. I have the list in CSV format. – JJJJNR Jul 20 '17 at 21:03
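
For the case described in the comment above (a CSV list of computers to decommission), the following is an added example, not code from the answer: it looks up each listed name across the whole domain and exports its canonical name and parent container. The file names `decom-list.csv` and `decom-locations.csv` and the `Name` column are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed input: a CSV with a "Name" column holding one computer name per row
# (file names and column name are hypothetical).
$inputCsv  = '.\decom-list.csv'
$outputCsv = '.\decom-locations.csv'

$report = foreach ($row in Import-Csv -Path $inputCsv) {
    $name = "$($row.Name)".Trim()
    if (-not $name) { continue }   # skip blank rows

    try {
        # -Identity resolves the name anywhere in the domain (no -SearchBase needed)
        # and avoids building a -Filter string from untrusted CSV content.
        $c = Get-ADComputer -Identity $name -Properties CanonicalName, LastLogonDate

        [pscustomobject]@{
            Name          = $c.Name
            Status        = 'Found'
            Enabled       = $c.Enabled
            LastLogonDate = $c.LastLogonDate
            CanonicalName = $c.CanonicalName
            # Parent container: everything after the first unescaped comma of the DN
            ParentOU      = ($c.DistinguishedName -split '(?<!\\),', 2)[1]
        }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # Keep names that no longer exist in the report instead of dropping them silently
        [pscustomobject]@{
            Name          = $name
            Status        = 'NotFound'
            Enabled       = $null
            LastLogonDate = $null
            CanonicalName = $null
            ParentOU      = $null
        }
    }
}

$report | Export-Csv -Path $outputCsv -NoTypeInformation
```

Reviewing the `Enabled` and `LastLogonDate` columns before disabling or moving anything shows which listed machines are still active.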