We have a number of compliance guidelines that require our organization to keep computer accounts that have been retired for a period of x days. We automate through Powershell the cleanup of objects with computer accounts that have not changed password for 60 days, those accounts are disabled and moved to a different OU that is not discovered by CM. Would it be possible to modify the AD cleanup tool to do the following?:
Have a user defined number of days for the disable of a stale device.
Move that device to a user defined OU.
Remove the CM client for that device upon device being disabled
Remove computer accounts from disabled computer objects from the predefined OU after a set period of time.
Possibly add an option to the RCT to mark a device as retired, so our service desk can add that attribute to a device to fast track getting a device into that disabled computers OU.