
Streamlining Active Directory Maintenance Using PowerShell: A Corporate IT Solution

This presentation addresses the prevalent issue of bloated Active Directory (AD) environments in corporate IT settings, where numerous unorganized or expired accounts accumulate over time. We propose a PowerShell script that manages AD by organizing or removing computers based on corporate policies. The script uses cmdlets to search through AD, moving computers to appropriate Organizational Units (OUs) based on parameters like last logon time. Customization options make it adaptable for varied corporate needs. Safety disclaimers emphasize the importance of rigorous testing on non-production systems.


Presentation Transcript


  1. AD Maintenance via PowerShell
     Developed by: Mario Eirea
     Advisor: Dr. S. Masoud Sadjadi
     School of Computing and Information Sciences, Florida International University
     meire001@fiu.edu
     http://www.cs.fiu.edu/~sadjadi/

  2. Agenda
     • Problem and Motivation
     • Solution
     • Behind the Scene
     • Customizing the Solution
     • Disclaimer
     • Progress Report

  3. Problem and Motivation • A common problem in corporate IT environments that house Active Directory (AD) domains is that many computers are added to and removed from the domain. Over time, this can lead to a bloated AD that contains hundreds or thousands of unorganized or expired accounts.

  4. Solution • Using a PowerShell script, one can crawl through the AD and check parameters such as last logon time and computer name to sort and move computers. The computers can be organized or removed according to corporate policies.

  5. Behind the Scene
     • The PowerShell script will search through the AD using cmdlets:
       • Get-ADOrganizationalUnit
       • Get-ADComputer
     • It will then move computers into the appropriate OUs with Move-ADObject.
     • Primary logic will revolve around the properties “Name” and “lastLogonTimestamp”.
     • The first 4 characters of the computer's name will be matched to an OU code. When a match is detected, the script will move the computer to the “Computers” OU inside the matching parent OU.
     • “lastLogonTimestamp” will be used as the basis for computer activity. When the age of this value exceeds 246 days, the computer will be moved to an OU named “Offline” and the account deactivated. Once the computer has been offline for more than 365 days, it will be removed from the domain.

  6. Customizing the Solution • The source for this script will be freely available, which allows customization of all aspects of its operation. By changing the variables that control computer name matching or logon time, the script can be adapted to varying corporate requirements.

  7. Disclaimer
     • This PS script is very dependent on rigid AD design specifications.
     • Using any script that manipulates mass quantities of data can be dangerous and destructive. Please make sure the script is tested thoroughly in non-production environments before deploying it into production.

  8. Progress Report
     • Initial script is completed. Testing functionality.
     • Need to complete training video and documentation.
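
The logic of slide 5, written out as an added PowerShell example; it is not the presenter's script, which is not reproduced on this page. It assumes each parent OU is named with its 4-character code and contains a child OU named "Computers"; `SearchBase` and `OfflineOU` are hypothetical parameter names for site-specific distinguished names.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumed layout: OU=Computers,OU=<4-char code>,... under $SearchBase.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$SearchBase,  # domain or root OU DN (site-specific)
    [Parameter(Mandatory)][string]$OfflineOU,   # DN of the "Offline" OU (site-specific)
    [int]$DisableAfterDays = 246,               # thresholds from slide 5
    [int]$RemoveAfterDays  = 365
)
$splitDn = '(?<!\\),'   # split a DN at its first unescaped comma: RDN, parent DN
$now = [DateTime]::UtcNow

# Build code -> target DN from every "Computers" OU whose parent OU name is 4 chars.
$targets = @{}
Get-ADOrganizationalUnit -Filter 'Name -eq "Computers"' -SearchBase $SearchBase | ForEach-Object {
    $parentRdn = (($_.DistinguishedName -split $splitDn, 2)[1] -split $splitDn, 2)[0]
    if ($parentRdn -match '^OU=(.{4})$') { $targets[$Matches[1]] = $_.DistinguishedName }
}

Get-ADComputer -Filter * -SearchBase $SearchBase -Properties lastLogonTimestamp | ForEach-Object {
    $dn = $_.DistinguishedName
    $parentDn = ($dn -split $splitDn, 2)[1]
    if (-not $_.lastLogonTimestamp) {
        # Never logged on (e.g. pre-staged): no evidence of age, so leave it alone.
        Write-Warning "No lastLogonTimestamp, skipped: $dn"
        return
    }
    # lastLogonTimestamp is a FILETIME; it replicates with a lag of days, which is
    # negligible against thresholds measured in months.
    $idle = ($now - [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)).Days
    if ($idle -gt $RemoveAfterDays) {
        if ($PSCmdlet.ShouldProcess($dn, "Remove, idle $idle days")) {
            Remove-ADComputer -Identity $dn -Confirm:$false
        }
    }
    elseif ($idle -gt $DisableAfterDays) {
        if ($PSCmdlet.ShouldProcess($dn, "Disable and move to Offline, idle $idle days")) {
            Disable-ADAccount -Identity $dn
            if ($parentDn -ne $OfflineOU) { Move-ADObject -Identity $dn -TargetPath $OfflineOU }
        }
    }
    elseif ($_.Name.Length -ge 4 -and $targets.ContainsKey($_.Name.Substring(0, 4))) {
        $target = $targets[$_.Name.Substring(0, 4)]
        if ($parentDn -ne $target -and $PSCmdlet.ShouldProcess($dn, "Move to $target")) {
            Move-ADObject -Identity $dn -TargetPath $target
        }
    }
}
```

Because the script declares `SupportsShouldProcess`, running it with `-WhatIf` lists every planned disable, move and removal without changing the directory, which fits the testing advice on slide 7.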
