About a week ago we brought on a new client and immediately noticed, as part of our pre-onboarding due diligence, that they had hundreds of old desktops, laptops and servers still in their Active Directory.

To help clean up their AD and reduce their attack surface, we provided them with a list of all of their computers including:

  • host name
  • date that the computer was last used
  • when the computer was created
  • operating system
  • organizational unit it’s in
  • and whether the computer is disabled or not

To do this we used the following very simple PowerShell script:


# Ensure the Active Directory module is imported
Import-Module ActiveDirectory

# Get all computers in the domain
$computers = Get-ADComputer -Filter * -Property Name, OperatingSystem, whenCreated, whenChanged, DistinguishedName, UserAccountControl

# Select the required properties and export to CSV.
# The OU column strips the leading "CN=<host>," RDN first so it shows only the parent container, not the host name again.
$computers | Select-Object Name, OperatingSystem,
    @{Name='whenCreated';Expression={($_.whenCreated).ToString('yyyy-MM-dd')}},
    @{Name='whenChanged';Expression={($_.whenChanged).ToString('yyyy-MM-dd')}},
    @{Name='OU';Expression={(($_.DistinguishedName -replace '^CN=[^,]+,', '') -split ',DC=')[0] -replace '(OU=|CN=)', '' -replace ',', '>'}},
    @{Name='IsDisabled';Expression={if ($_.UserAccountControl -band 2) { 'Yes' } else { 'No' }}} |
    Export-Csv -Path "C:\temp\machines.csv" -NoTypeInformation

From this list the client was then able to flag which machines should be removed and which machines they still wanted to keep around in Active Directory even though the hardware was gone.
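As an added example (not the script above), the same inventory can be extended with the two attributes a stale-computer decision usually rests on, LastLogonDate and PasswordLastSet, and the flagged machines can be staged as a dry run instead of deleted outright. The 90-day threshold, the report path and the quarantine OU are placeholders.

```powershell
# Added example, not the post's script: rank every computer object by the
# signals a stale-account decision actually rests on, write the report, then
# stage the stale ones (disable + move) as a dry run. Threshold, report path and
# quarantine OU are placeholders to adjust.
Import-Module ActiveDirectory
$StaleDays    = 90
$Cutoff       = (Get-Date).AddDays(-$StaleDays)
$ReportPath   = 'C:\temp\stale-machines.csv'
$QuarantineOU = 'OU=Stale Computers,DC=example,DC=com'   # placeholder OU
function Format-Day($d) { if ($null -ne $d) { $d.ToString('yyyy-MM-dd') } else { 'never' } }

# LastLogonDate is the module's conversion of lastLogonTimestamp, which replicates
# domain-wide but is refreshed only every ~14 days, so it is a lower bound on the
# real last logon. PasswordLastSet is a second signal: a live domain member rotates
# its machine password every 30 days by default.
$computers = Get-ADComputer -Filter * -Properties OperatingSystem, whenCreated,
    LastLogonDate, PasswordLastSet, Enabled
$report = foreach ($c in $computers) {
    # Parent container: drop the leading "CN=<name>," RDN, split on unescaped
    # commas before OU=/DC=, keep the OU parts, and list them root-first.
    $parentDN = $c.DistinguishedName -replace '^CN=[^,]+,', ''
    $ous = @($parentDN -split '(?<!\\),(?=(?:OU|DC)=)' |
            Where-Object { $_ -like 'OU=*' } | ForEach-Object { $_.Substring(3) })
    [array]::Reverse($ous)
    # Stale only if the object is older than the window AND neither signal is recent
    $stale = $c.whenCreated -lt $Cutoff -and
             ($null -eq $c.LastLogonDate   -or $c.LastLogonDate   -lt $Cutoff) -and
             ($null -eq $c.PasswordLastSet -or $c.PasswordLastSet -lt $Cutoff)
    [pscustomobject]@{
        Name              = $c.Name
        OperatingSystem   = $c.OperatingSystem
        OU                = $ous -join '/'
        Created           = Format-Day $c.whenCreated
        LastLogon         = Format-Day $c.LastLogonDate
        PasswordLastSet   = Format-Day $c.PasswordLastSet
        Enabled           = $c.Enabled
        Stale             = $stale
        DistinguishedName = $c.DistinguishedName
    }
}
$report | Sort-Object LastLogon | Export-Csv -Path $ReportPath -NoTypeInformation

# Stage, don't delete: disable and quarantine the stale machines that are still
# enabled. -WhatIf keeps this a dry run until the list has been signed off.
$report | Where-Object { $_.Stale -and $_.Enabled } | ForEach-Object {
    Set-ADComputer    -Identity $_.DistinguishedName -Description "Staged for removal $(Get-Date -Format yyyy-MM-dd)" -WhatIf
    Disable-ADAccount -Identity $_.DistinguishedName -WhatIf
    Move-ADObject     -Identity $_.DistinguishedName -TargetPath $QuarantineOU -WhatIf
}
```

Disabling and moving first, and deleting only after a holding period, means a machine that was merely offline (or whose owner wants the account kept) can be restored without re-joining it to the domain.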


