Monday, August 20, 2018

PowerShell - check ADMT already done on workstation

Because this specific migration was fed user names and computer names from the business (i.e. full of mistakes), it was super common for computers to be targeted for migration a second time.

The issue with that is that step one of ADMT is to delete the destination computer account (or reset the password, I forget which). The effect was that you throw the computer off the domain, and at the next reboot the user needs the service to re-join the computer to the domain.

This checked old vs. new to tell you whether the computer had moved, had rebooted after the migration, and was ready for a user.

# Assumes computerlist.txt has a header row with a "Name" column
$computers = Import-Csv C:\temp\computerlist.txt

foreach ($computer in $computers) {
    $thisPC = $computer.Name

    # NEW domain (the domain this session runs in)
    $looked = Get-ADComputer -Filter 'Name -like $thisPC' -Properties * -SearchScope Subtree
    # OLD domain: -Server takes the old domain name or one of its DCs (left blank in this post)
    $old = Get-ADComputer -Filter 'Name -like $thisPC' -Properties * -Server ""

    if ($old -eq $null) { $thisPC + " not in OLD domain - not a valid name" }

    if ($looked.SamAccountName -eq $null -and $old -ne $null) { $thisPC + ", Not in NEW (OLD only) OLD enabled? " + $old.Enabled + " " + $old.Description + " OLD last logon " + $old.LastLogonDate }
    if ($looked.LastLogonDate -ne $null) {
        # NEW account has logged on at least as recently as OLD: migrated and rebooted
        if ($looked.LastLogonDate -ge $old.LastLogonDate) { Write-Host $thisPC " --------> newer in NEW Domain" }
    }
    if ($looked.SamAccountName -ne $null -and $looked.LastLogonDate -eq $null) { $thisPC + " computer has never logged on FAILED migration, in migration now?, OLD enabled? " + $old.Enabled + " " + $old.Description + " OLD last logon " + $old.LastLogonDate }
}
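
The same old-versus-new comparison written as a gate that returns one state per computer, so only names still in the OLD domain get handed to ADMT. This is an added example, not code from the original post: the `Get-MigrationState` function, the state names and the sample records are constructed, and in real use `$Old` and `$New` would be the two `Get-ADComputer` results from the script above.

```powershell
# Added example. State names and sample records are constructed for illustration.
function Get-MigrationState {
    param($Old, $New)   # computer objects from the OLD / NEW domain, $null when not found

    if ($null -eq $Old) { return 'InvalidName' }       # not in OLD domain: bad row in the list
    if ($null -eq $New) { return 'NotMigrated' }       # OLD only: ADMT has not touched it
    if ($null -eq $New.LastLogonDate) {
        return 'InProgressOrFailed'                     # NEW account exists but never logged on
    }
    if ($null -eq $Old.LastLogonDate -or $New.LastLogonDate -ge $Old.LastLogonDate) {
        return 'MigratedAndReady'                       # newer in NEW domain: leave it alone
    }
    return 'NeedsReview'                                # assumption: a case the post does not report on
}

# Constructed stand-ins for the Get-ADComputer results, keyed by computer name
$oldDomain = @{
    'PC-001' = [pscustomobject]@{ LastLogonDate = [datetime]'2018-07-30' }
    'PC-002' = [pscustomobject]@{ LastLogonDate = [datetime]'2018-07-30' }
    'PC-003' = [pscustomobject]@{ LastLogonDate = [datetime]'2018-08-02' }
    'PC-004' = [pscustomobject]@{ LastLogonDate = [datetime]'2018-08-10' }
}
$newDomain = @{
    'PC-002' = [pscustomobject]@{ LastLogonDate = [datetime]'2018-08-15' }
    'PC-003' = [pscustomobject]@{ LastLogonDate = $null }
    'PC-004' = [pscustomobject]@{ LastLogonDate = [datetime]'2018-08-01' }
}

# Names as supplied by the business, including one that matches nothing
$requested = 'PC-001', 'PC-002', 'PC-003', 'PC-004', 'PC-TYPO'

$report = foreach ($name in $requested) {
    [pscustomobject]@{
        Name  = $name
        State = Get-MigrationState -Old $oldDomain[$name] -New $newDomain[$name]
    }
}
$report | Format-Table -AutoSize

# Only computers that exist in OLD and have no NEW account go to ADMT
$safeToMigrate = $report | Where-Object State -eq 'NotMigrated' |
    Select-Object -ExpandProperty Name
"Safe to migrate: " + ($safeToMigrate -join ', ')
```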
