Active Directory Administrator are responsible for active directory management like domain management, create user, manage computer objects, groups in active directory. As an admin, we have to keep track on inactive adcomputer and remove adcomputer which is inactive or never logged on.
Remove-AdComputer cmdlet in PowerShell removes an Active Directory computer. Identity parameter specifies the ad computer to remove using GUID, Distinguished Name, Security Identifier or SAMAccountName.
Get-AdComputer cmdlet in Active Directory used to get adcomputer from active directory based on search criteria and pass adcomputer objects to Remove-AdComputer to remove computers from active directory.
In this blog post, I will explain how to use Remove-AdComputer in Active directory to remove adcomputer, remove all computers from specified location and remove adcomputer and all leaf objects that are located in specified directory.
Remove-AdComputer remove an active directory computer.
Remove-ADComputer [-WhatIf] [-Confirm] [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADComputer> [-Partition <String>] [-Server <String>] [<CommonParameters>]
–AuthType – It specifies authentication method to use. AuthType parameter accepts either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.
SSL (Secure Socket Layer) connection is required to use Basic Authentication method.
–Credential PSCredential – It specifies user credentials required to perform Remove-AdComputer task. It default accepts credentials of logged on users.
To use Credential parameter, use username as User1 or domain\User1 or you can create and use
PSCredential object by using
-Identity – It specifies Active Directory object using distinguished name, GUID , security identifier or SAMAccountName
-Partition – It specifies the distinguished name of an active directory partition.
Remove-AdComputer from Active Directory
To remove adcomputer from active directory which are inactive or never logged on in xx days, use
Remove-AdComputer as below
Remove-ADComputer -Identity "HR-101"
In the above PowerShell script, Remove-AdComputer remove computer from active directory specified by Identity parameter.
When we run above command, it will prompt to perform this action as below
On Y or Yes to All option selection, Remove-AdComputer remove active directory computer.
Remove all AdComputer from Specified Location
If you want to remove all adcomputer from specified location, you need to use Get-AdComputer cmdlet to get ad computers using Filter conditions as below
Get-ADComputer -Filter 'Location -eq "EU/RHS"' | Remove-ADComputer
In the above PowerShell script,
Get-AdComputer get ad computers from location using filter parameter where Location equal to EU/RHS region and pass output to second command.
Remove-AdComputer removes adcomputer from active directory retrieved using Get-AdComputer cmdlet.
Output of above script to get adcomputers from location and remove-adcomputer as below
Remove-AdComputer cmdlet ask for prompt to confirm remove computer form active directory.
Remove AdComputer Without Prompt
To remove adcomputer without prompt in specified location using Remove-AdComputer run below command
Get-ADComputer -Filter 'Location -eq "EU/RHS"' | Remove-ADComputer -Confirm:$False
In the above PowerShell script, remove-adcomputer cmdlet remove computers from active directory retrieved using Get-AdComputer.
Confirm:$False parameter does not prompt for confirmation to remove adcomputer.
Cool Tip: Using Group Managed Service Accounts in Active Directory!
In the above article, we learnt to remove adcomputer from specified location or remove specified adcomputer using distinguished name specified using Identity parameter.
Remove-AdComputer remove computer from active directory, you need to use Get-AdComputer to get ad computers from active directory.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.