2,187
edits
m (→Users: Added "Remove-ADUser") |
m (→Computers: Added "Remove-ADComputer") |
||
(One intermediate revision by the same user not shown) | |||
Line 109: | Line 109: | ||
=== <code>Remove-ADUser</code> examples === | === <code>Remove-ADUser</code> examples === | ||
It would normally be quite foolhardy to delete a user account that wasn't already disabled. Deletion removes group memberships, file-permissions etc etc. Whilst you can create a new account with the same name, it won't have the same [[Acronyms#S|SID]] so '''it's not the same account'''. | |||
<source lang="powershell"> | <source lang="powershell"> | ||
Remove-ADUser -Identity $user -Confirm:$false # $user retrieved from Get-ADUser, -Confirm:$false prevents confirmation prompt | Remove-ADUser -Identity $user -Confirm:$false # $user retrieved from Get-ADUser, -Confirm:$false prevents confirmation prompt | ||
Line 148: | Line 149: | ||
== Computers == | == Computers == | ||
To disable a computer account, use <code>Disable-ADAccoun</code> | |||
=== <code>Get-ADComputer</code> examples === | === <code>Get-ADComputer</code> examples === | ||
<source lang="powershell"> | <source lang="powershell"> | ||
Line 153: | Line 155: | ||
</source> | </source> | ||
* '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers | * '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers | ||
=== <code>Remove-ADComputer</code> examples === | |||
<source lang="powershell"> | |||
Remove-ADComputer -Identity $computer -Confirm:$false | |||
</source> | |||
== Organisation Unit == | == Organisation Unit == |