- Fix deletion of log files/reports to specific extensions only #24
- Added
TimeOnPendingListto HTML report and passthru object - Added
TimeToLeavePendingListto HTML report and passthru object
- Do verification for missing modules PowerJamf, GraphEssentials when using AzureAD, Intune, Jamf Pro
- Add TargetServers to be able to manually choose servers to target
- Filter now takes string or hashtable so it can be configured per domain
- SearchBase was added. It can take string or hashtable so it can be configured per domain. If you use a string remember that it will only target a single domain and rest of the domains have to be excluded - closes #13
SearchBase = @{
'ad.evotec.xyz' = 'DC=ad,DC=evotec,DC=xyz'
'ad.evotec.pl' = 'DC=ad,DC=evotec,DC=pl'
}-Fixes for error in logging when using module interactively in console instead as a script
- Update HTML report with additional colors
- Fix wrong usage of string in
DisableMoveTargetOrganizationalUnit
- Added to display
ExcludedByFilter,ExcludedBySettingto HTML report. Keep in mind that standard filtering such as LastPassword/LastLogon/WhenCreated are ignored and are treated as "Not required".
- Add
ProtectedFromAccidentalDeletionto the report
Added 3 new parameters:
DisableRequireWhenCreatedMoreThan- disable computers only if they were created more than X days agoMoveRequireWhenCreatedMoreThan- move computers only if they were created more than X days agoDeleteRequireWhenCreatedMoreThan- delete computers only if they were created more than X days ago This is to prevent completly new computers being disabled, moved or deleted. By default Disable/Delete are set to old than 90 days old, and Move is not set at all.
- Fixes for processing computer over and over again when moving computers
- Fixes bad export of aliases in module
- Added
DisableAndMoveOrderto allow for moving computers before disabling them when DisableAndMove is enabled. Options are:DisableAndMove,MoveAndDisable. Default isDisableAndMove(current setting) - Improve handling of processed list when moving computers
- Improve output in HTML report
- Fix typo in HTML report
- Improve Logging Capabilities to not delete log if it's the same folder
- Add additional loggin options
- Fix display issue with HTML report
- Fix for Jamf Pro where it would only process 100 computers
- Fix for processed list during deletion would use DN instead of FullName as expected, preventing deletion
- Fixes typo in a report
- Fixes removing computers from processed list after list conversion
- Fixes conversion logic
- Fixes bug around AzureAD, Intune, Jamf processing wrong computers
- Fixed wrong function placement on import
- Small improvements
Issues resolved:
- Implement move and move on disable #2
- Allow exclude or include for Disable/Delete or Move and Service Principal Name #7
Improvements:
- Add ability to move objects (disable, move or/and delete) as separate action
- disable, move and delete all have their separate rules to act upon
- Add ability to move objects as part of the disable process (disable and move right after) -
DisableAndMoveswitch - Fix handling processing list (using custom search rather then DN which would not work if object was moved)
- Add
DontWriteToEventLogswitch to disable writing to event log - Processed lists now only remove items if delete or move is successful
- Computers is removed from processed list if it's moved, and there's no delete action, otherwise it's removed only on delete. Make sure to not use
Deleteswitch if you don't plan to delete objects - Add ability to exclude or include computers based on specific SPN (Service Principal Name) -
DisableExcludeServicePrincipalNameandDisableIncludeServicePrincipalName - Add ability to exclude or include computers based on specific SPN (Service Principal Name) -
MoveExcludeServicePrincipalNameandMoveIncludeServicePrincipalName - Add ability to exclude or include computers based on specific SPN (Service Principal Name) -
DeleteExcludeServicePrincipalNameandDeleteIncludeServicePrincipalName - Added
DoNotAddToPendingListswitch to disable adding computers to pending list when disabling or moving, and when deletion is enabled
Issues resolved:
- Fixes #4
Following features are added:
- Add support for Forest
- Add support for IncludeDomains
- Add support for ExcludeDomain
- Fixes an error when using processed list when deleting computers
- Fixes an +1 in the count of objects displayed in HTML
- Add an alias to Invoke-ADComputersCleanup
- Show AllProperties for History & Pending values in HTML report
- Fix small issues with HTML
- Fixes critical logic flaw for AzureAD, Intune, Jamf
- Remove verbose from Jamf queries
- Renamed PowerShell module to CleanupMonster
- Invoke-ADComputersCleanup
- Support for more AD controlled parameters
- Added
DisablePasswordLastSetOlderThan - Added
DisableLastLogonDateOlderThan - Added
DeletePasswordLastSetOlderThan - Added
DeleteLastLogonDateOlderThan
- Added
- Support for Azure AD and Intune (via Graph API, requires GraphEssentials module, not installed by default)
- Added
DisableLastSeenAzureMoreThan - Added
DisableLastSyncAzureMoreThan - Added
DisableLastSeenIntuneMoreThan - Added
DeleteLastSeenAzureMoreThan - Added
DeleteLastSyncAzureMoreThan - Added
DeleteLastSeenIntuneMoreThan
- Added
- Support for Jamf Pro (via Jamf Pro API, requires PowerJamf module, not installed by default)
- Added
DisableLastContactJamfMoreThan - Added
DeleteLastContactJamfMoreThan
- Added
- Support for Safety Limits (cleanup will cancel if conditions are not matched, by default disabled)
- Added
SafetyADLimit- minimum X number of computers to be returned from the AD - Added
SafetyAzureADLimit- minimum X number of computers to be returned from the Azure AD - Added
SafetyIntuneLimit- minimum X number of computers to be returned from the Intune - Added
SafetyJamfLimit- minimum X number of computers to be returned from the Jamf Pro
- Added
- Reworked HTML reports to be more readable and some logic changes
- Support for more AD controlled parameters
Showing new options
$DateTime = Get-Date -Year 2021 -Month 8 -Day 19 -Hour 0 -Minute 0 -Second 0
$Output = Invoke-ADComputersCleanup -WhatIf -ReportOnly -Disable -ShowHTML -DisablePasswordLastSetOlderThan $DateTime -DisableLastLogonDateOlderThan $DateTime -DeletePasswordLastSetOlderThan $DateTime -DeleteLastLogonDateOlderThan $DateTime
$OutputWith support for Jamf and Azure AD
Connect-MgGraph -Scopes Device.Read.All, DeviceManagementManagedDevices.Read.All, Directory.ReadWrite.All, DeviceManagementConfiguration.Read.All
Connect-Jamf -Organization 'aaa' -UserName 'aaaa' -Suppress -Force -Password '01000000d08c9ddf0115d1118c7a0'
# this is a fresh run and it will provide report only according to it's defaults
$Output = Invoke-ADComputersCleanup -ReportOnly -SafetyJamfLimit 99 -WhatIf -Disable -ShowHTML -DisableLastSeenAzureMoreThan 80 -DisableLastSyncAzureMoreThan 80 -DisableLastSeenIntuneMoreThan 80 -DisableLastContactJamfMoreThan 80 #-Delete -DeleteListProcessedMoreThan 80
$Output- Clarify HTML information when it comes to PasswordLastSet and LastLogonDays
- Improved reporting when using
ReportOnlyswitch - Improved logging and error handling
- Added some statistics to the report
- Added ability to delete older reports
- Improved reporting when using
ReportOnlyswitch - Added some more logging and error handling
- Improved reporting
- Fixes #1 where it would not add computers to IsProcessedList
- Initial release