Allow the ability to adjust the timeline for cleanup of AD and CM objects

We have a number of compliance guidelines that require our organization to keep computer accounts that have been retired for a period of x days. We automate through Powershell the cleanup of objects with computer accounts that have not changed password for 60 days, those accounts are disabled and moved to a different OU that is not discovered by CM. Would it be possible to modify the AD cleanup tool to do the following?:

  1. Have a user defined number of days for the disable of a stale device.

  2. Move that device to a user defined OU.

  3. Remove the CM client for that device upon device being disabled

  4. Remove computer accounts from disabled computer objects from the predefined OU after a set period of time.

  5. Possibly add an option to the RCT to mark a device as retired, so our service desk can add that attribute to a device to fast track getting a device into that disabled computers OU.

  • Guest
  • Oct 28 2021
  • Needs review
  • Attach files