Disable & Move old AD Computer Objects

A quick script to take a list from CSV and disable, then move objects in AD…

Remember everyone – don’t just cut & paste scripts from the internet and run them without understanding what they are doing first. If in doubt – DON’T run it!

Always build in sanity checking and also test on a sample set of data/test environment.

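#Disable, then move, the AD computer objects listed in a CSV (needs a 'computername' column).
Import-Module ActiveDirectory
$computerlist = Import-Csv c:\temp\computers.csv
$computerlist | ForEach-Object {
    $adobj = $_
    #Reset per row so a failed lookup can never reuse the previous computer object.
    $adcomp = $null

    #Check AD record.
    try
    {
        $adcomp = Get-ADComputer -Identity $adobj.computername -ErrorAction Stop
        $errorvar = '0'
    }
    catch
    {
        Write-Host "Unable to find a computer" ($adobj.computername)
        $errorvar = '1'
    }

    #Disable the account only if the lookup succeeded.
    if ($errorvar -ne '1')
    {
        try
        {
            Set-ADComputer -Identity $adcomp -Enabled $false -ErrorAction Stop
            $errorvar = '0'
        }
        catch
        {
            Write-Host "Unable to disable AD account for" ($adobj.computername)
            $errorvar = '1'
        }
    }

    #Move the object only if it was disabled successfully.
    if ($errorvar -ne '1')
    {
        try
        {
            #-ErrorAction Stop so a failed move actually reaches the catch block.
            Move-ADObject -Identity $adcomp -TargetPath 'OU=TBDelete,DC=mydomain,DC=local' -ErrorAction Stop
            $errorvar = '0'
        }
        catch
        {
            Write-Host "Unable to move AD account for" ($adobj.computername)
            $errorvar = '1'
        }
    }
}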
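One way to build the sanity checking mentioned above into the disable-and-move script, as an added example that is not part of the original post. The function name, its parameters and the 90-day idle threshold are assumptions; the CSV path and target OU are the ones used in the script above.

```powershell
# Added example (not from the original post). Function name, parameters and the
# 90-day threshold are assumptions; adjust them to your environment.
#Requires -Modules ActiveDirectory
function Disable-StaleComputer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvPath,   # CSV with a 'computername' column
        [Parameter(Mandatory)][string]$TargetOU,  # distinguished name of the holding OU
        [int]$MinIdleDays = 90                    # assumed threshold
    )
    $cutoff = (Get-Date).AddDays(-$MinIdleDays)
    foreach ($row in Import-Csv -Path $CsvPath) {
        $name = $row.computername
        if ([string]::IsNullOrWhiteSpace($name)) { Write-Warning 'Skipping blank row'; continue }
        try {
            $comp = Get-ADComputer -Identity $name -Properties LastLogonDate, PrimaryGroupID -ErrorAction Stop
        } catch {
            Write-Warning "Not found: $name"; continue
        }
        # Sanity check 1: never touch domain controllers (primary group 516) or RODCs (521).
        if ($comp.PrimaryGroupID -in 516, 521) {
            Write-Warning "Skipping domain controller: $name"; continue
        }
        # Sanity check 2: skip anything that has logged on since the cutoff.
        # LastLogonDate comes from lastLogonTimestamp, which can lag by up to about two weeks.
        if ($comp.LastLogonDate -and $comp.LastLogonDate -gt $cutoff) {
            Write-Warning "Skipping $name, last logon $($comp.LastLogonDate)"; continue
        }
        try {
            # -WhatIf passed to this function flows through to both cmdlets.
            Set-ADComputer -Identity $comp -Enabled $false -ErrorAction Stop
            Move-ADObject -Identity $comp -TargetPath $TargetOU -ErrorAction Stop
            $action = if ($WhatIfPreference) { 'WouldDisableAndMove' } else { 'DisabledAndMoved' }
            [pscustomobject]@{ Computer = $name; LastLogon = $comp.LastLogonDate; Action = $action }
        } catch {
            Write-Warning "Failed on ${name}: $($_.Exception.Message)"
        }
    }
}

# Dry run first: reports what would change without modifying AD.
Disable-StaleComputer -CsvPath 'c:\temp\computers.csv' -TargetOU 'OU=TBDelete,DC=mydomain,DC=local' -WhatIf
```

Review the dry-run output and the skipped entries, then run the same command without -WhatIf.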

DNS PTR record checking

I was recently asked how to find the missing PTR records…. so here it goes – 1st draft.

#Check records on DNS server itself.
$DNSsvr = 'YourDNS'
$DNSAZone = 'Your Main A Zone FQDN here'
$DNSrecords = Get-DnsServerResourceRecord -ZoneName $DNSAZone -ComputerName $DNSsvr -RRType A
$DNSrecords | ForEach-Object {
    $dnsobj = $_
    #Reset per record so a failed zone lookup can never reuse the previous zone.
    $CHK1 = $null
    $IPsplit = (($dnsobj.RecordData).IPv4Address.IPAddressToString -split "\.")
    #Builds the reverse zone name from the first three octets, so this assumes /24 reverse lookup zones.
    $PTRZone = $IPsplit[2] + '.' + $IPsplit[1] + '.' + $IPsplit[0] + '.in-addr.arpa'

    #Check that the reverse lookup zone exists.
    try
    {
        $CHK1 = Get-DnsServerZone -ComputerName $DNSsvr -Name $PTRZone -ErrorAction Stop
        $errorvar = '0'
    }
    catch
    {
        Write-Host "Unable to find a reverse lookup zone for" $PTRZone "for record" ($dnsobj.HostName)
        $errorvar = '1'
    }

    #Check for the PTR record (named after the last octet) only if the zone exists.
    if ($errorvar -ne '1')
    {
        try
        {
            $RevDNSrecords = Get-DnsServerResourceRecord -ZoneName $CHK1.ZoneName -ComputerName $DNSsvr -RRType Ptr -Name $IPsplit[3] -ErrorAction Stop
            $errorvar = '0'
        }
        catch
        {
            Write-Host "Unable to find a record for" ($dnsobj.HostName) "in" $PTRZone
            $errorvar = '1'
        }
    }
}