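I need to export the object locations of servers from a list. I tried the following script, but it only checks the OU mentioned. How can I search the entire domain and export the objects' canonical names to CSV?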
Get-ADObject -Filter 'Name -like "*"' -Searchbase 'OU=ManagedGroups,DC=Fabrikam,DC=com' | Export-CSV ExportOU.csv
Get-ADObject will give you more information than you usually want; however, this is what you asked for.
Get-AdObject -Filter * | Export-CSV "ExportOU.csv" -NoTypeInformation
If you want to describe what you are doing, I would be happy to help you arrive at a sensible query.
To find AD computer objects, use:
Get-ADComputer -Filter * | Export-CSV "ExportOU.csv" -NoTypeInformation
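For cleaning up old computer accounts, I recommend something like the following. I wrote this a while back to find any computer objects that have not "logged on" or connected to the domain for the specified time. It requires that an "Inactive" OU be in the root of the domain (or at the level you point the function at).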
    Import-Module ActiveDirectory

    function Disable-AdInactiveUsers {
        [CmdletBinding()]
        Param(
            [Parameter(Mandatory=$true)]
            [string]$OuPath,
            [int]$MonthsInactive = 13
        )

        Write-Verbose "Looking for computer accounts older than $MonthsInactive months"
        Write-Verbose "Processing: $OuPath"
        if ($MonthsInactive -gt 0) { $MonthsInactive = $MonthsInactive * -1 }

        # Get computers inside a specific OU with the needed properties
        $users = Get-ADComputer -Filter * -Properties LastLogonDate,Description,MemberOf,Info,Created -SearchScope Subtree -SearchBase $OuPath

        # Create an array and filter the computers by last login, only enabled accounts, and not created recently
        $inactive = @()
        $inactive += $users | Where-Object {
            $_.LastLogonDate -lt (Get-Date).AddMonths($MonthsInactive) -and
            ($_.Enabled -eq "True") -and
            ($_.Created -lt (Get-Date).AddMonths($MonthsInactive))
        }

        # List computers here that should be ignored, make sure to have at least two entries. They can both be "".
        $whitelist = "DC1",""
        $processedUsers = @()
        $skippedServers = @()

        if ($inactive.Count -gt 0) {
            Write-Verbose "- Found inactive computer accounts:"

            # This ForEach loop records each computer's group memberships in the notes field
            $inactive | ForEach-Object {
                # If computer is whitelisted, skip this loop
                # (compare on Name: a computer's samAccountName ends in '$' and would never match "DC1")
                if ($whitelist -contains $_.Name) { Write-Verbose "- Skipping whitelisted computer: $($_.Name)"; return }

                # If computer is in a server OU, skip
                if ($_.DistinguishedName -like "*Server*") { $skippedServers += $_; Write-Verbose "- Skipping Server: $($_.Name)"; return }

                Write-Verbose "- - Computer: $($_.Name) `tLastLogon: $($_.LastLogonDate)"

                # Add notes for original location, group memberships, and LastLogonDate
                $notes = "Orig Path: `r`n$($_.DistinguishedName) `r`n`r`nMemberships: `r`n$($_.MemberOf -join "`r`n") `r`n`r`nLastLogon: $($_.LastLogonDate)`r`n$($_.Info)"
                # Set-ADComputer, not Set-ADUser: these objects come from Get-ADComputer
                Set-ADComputer $_ -Description $("Disabled $(Get-Date -Format yyyy-MM-dd) (Inactive) - " + $_.Description) -Replace @{info=$notes}

                # Add current computer to the output
                $processedUsers += $_
            }

            Write-Verbose "- Disabling inactive accounts..."
            $processedUsers | Disable-ADAccount

            Write-Verbose "- Moving inactive objects..."
            $processedUsers | Move-ADObject -TargetPath "OU=Inactive,$OuPath"

            Write-Host "Done. These Servers were skipped:"
            Write-Host $($skippedServers.Name)

            $processedUsers
        } else {
            Write-Verbose "No inactive accounts found."
        }
        Write-Verbose ""
    }

    # Create an empty container for the computers that get disabled
    $DisabledUsers = @()
    $DisabledUsers += Disable-AdInactiveUsers -OuPath "DC=Example,DC=com"

    # If computers were disabled, build and send an email with their information
    if ($DisabledUsers.Count -gt 0) {
        $emailBody = "<head>
        <style>
            table{ border-collapse: collapse; border: 1px solid black; }
            th,td { border-color:black; border-width:1px; border-style:solid; padding: 5px; }
        </style>
    </head>
    <body>
        <p>These users have been disabled for inactivity:</p>
        <table>
            <tr>
                <td>Computer</td>
                <td>LastLogon</td>
                <td>DN</td>
            </tr>"

        $DisabledUsers | ForEach-Object {
            $emailBody = $emailBody + "`r`n <tr>`r`n <td>$($_.Name)</td>`r`n <td>$($_.LastLogonDate)</td>`r`n <td>$($_.DistinguishedName)</td>`r`n </tr>"
        }

        $emailBody = $emailBody + "`r`n </table>`r`n <p>Sent via script on $($env:COMPUTERNAME)</p>`r`n</body>"

        Send-MailMessage -SmtpServer "mail.example.com" -To "[email protected]" -From "[email protected]" -Subject "[Script] Computers ($($DisabledUsers.Count)) disabled due to inactivity" -Body $emailBody -BodyAsHtml
    }
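
The question asks for the canonical name of each server on a list, searched across the whole domain. The following is an added example, not code from the question or the answers; the function name `Export-ServerLocation`, the sample server names and the host-name pattern are assumptions. `CanonicalName` is not returned by default and has to be requested with `-Properties`.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the original posts): look up each listed
# server anywhere in the domain and export where it lives.
function Export-ServerLocation {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [AllowEmptyString()]
        [string[]]$ComputerName,
        [Parameter(Mandatory=$true)]
        [string]$CsvPath
    )

    $rows = foreach ($raw in $ComputerName) {
        $name = $raw.Trim()
        if ($name -eq '') { continue }   # ignore blank lines in the list

        # Accept only plain host names so list content cannot alter the filter
        # (pattern is an assumption; adjust to your naming scheme)
        if ($name -notmatch '^[A-Za-z0-9_-]{1,63}$') {
            [pscustomobject]@{ Name = $name; CanonicalName = ''; DistinguishedName = ''; Status = 'InvalidName' }
            continue
        }

        # No -SearchBase: the search starts at the root of the current domain
        $found = @(Get-ADComputer -Filter "Name -eq '$name'" -Properties CanonicalName)
        if ($found.Count -eq 0) {
            [pscustomobject]@{ Name = $name; CanonicalName = ''; DistinguishedName = ''; Status = 'NotFound' }
            continue
        }

        foreach ($c in $found) {
            [pscustomobject]@{
                Name              = $c.Name
                CanonicalName     = $c.CanonicalName
                DistinguishedName = $c.DistinguishedName
                Status            = 'Found'
            }
        }
    }

    $rows | Export-Csv -Path $CsvPath -NoTypeInformation
    $rows
}

# Constructed sample list; in practice use: Get-Content .\servers.txt
$servers = 'SRV-APP01', 'SRV-DB02', 'no such host!'
Export-ServerLocation -ComputerName $servers -CsvPath 'ExportOU.csv' | Format-Table -AutoSize
```

Names that are missing from the directory stay in the CSV with a `NotFound` status, so gaps in the list are visible rather than silently dropped.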