Using Powershell to automate Windows administration tasks is a fairly common thing. I wanted to find out which Active Directory Computer accounts were obsolete or have never been used and then move them into a different Organisational Unit to clean things up a little.
Finding the obsolete accounts was easy enough. I wanted to find any computer that hadn’t logged on to the domain in the last year.
This gave me the name and last logon date.
From here, I used
and it moved the computer accounts to the disabled computers OU.
The full command was
The problem was that this didn’t take into account any computers that hadn’t logged in at all (i.e. they had a null lastlogondate). The first thing I tried was:
but that spat back an error:
After much searching and trying different things, I found that this worked:
Unfortunately this takes all the enabled computer accounts and then filters down through them looking for the ones that have a lastlogondate that equals $null. This means that it’s a lot slower than if we were able to apply the filter directly but for my purposes, it worked and that was all I needed.
It’s inportant to remember to put in the -properties section to bring back the lastlogondate as it isn’t returned by default!