Deleting computer accounts
As discussed in the previous section, as a system administrator one must adhere to the security policies of the organization and keep their Active Directory database clean and tidy. As part of this process, you might want to delete stale/offline computer objects from Active Directory.
Use the following simple command to delete a computer account:
Remove-ADComputer -Identity COMP1
The most common use case is searching for computers older than x days and removing them. You can achieve this using the following command:
$Computers = Get-ADComputer -Filter * -Properties LastLogonDate | ? {$_.LastLogonDate -lt (get-date).Adddays(-10) } $Computers | Remove-ADComputer
Tip
You need to be very careful while performing the delete operation. Any mistake in the filters can result in your production computers being deleted. So, I prefer storing the Get-ADComputer cmdlet results in a variable ($computer in this example), reviewing the list, and then passing it to the Remove-ADComputer...
