Introduction
Welcome to part 4 in my Active Directory Cleanup Series. This part is concentrated on pulling a report of Windows Operating Systems that are obsolete/unsupported. Using this report you can review them and decide if they should be removed or upgraded.
Script 1: Long 1 liner.
The following script was posted on one of our blogs. It’s essentially a long 1 line script if you remove the cls. Take a look at the way it uses the filter to select what operating systems it believes is unsupported.
cls
Get-ADcomputer -Filter {(operatingsystem -like "*xp*") -or (operatingsystem -like "*vista*") -or (operatingsystem -like "*Windows NT*")-or (operatingsystem -like "*2000*") -or (operatingsystem -like "*2003*")} -Property Name,OperatingSystem,OperatingSystemServicePack,lastlogontimestamp,enabled | where {$_.enabled -eq $true} | Format-Table Name,OperatingSystem,OperatingSystemServicePack,@{name="lastlogontimestamp"; expression={[datetime]::fromfiletime($_.lastlogontimestamp)}} -Wrap -AutoSize
Script 2: My preferred way
Script 2 uses some of my recommended ways to build a reusable script. It includes help, comments, parameters, CSV file creation, and pulls anything older than Windows 10 1809 by default.
Function Get-OldOperatingSystems {
<#
.SYNOPSIS
This Function searches Active Directory for old operating systems.
.DESCRIPTION
This Function searches Active Directory for old operating systems.
.PARAMETER OperatingSystemVersion
The version of the operating to consider as the minimum supported operating system. The default value is 10.0.17763 which is Windows 10 1809.
.PARAMETER ExportToCSV
If specified location and CSV file to output the results. Default is the script directory location and a file named OldOperatingSystems_yyyyMMss.csv.
.EXAMPLE
Get-OldOperatingSystems
Old OS Computers Found: 5
Output was sent to D:\Scripts\ActiveDirectory\OldOperatingSystems_20200108.csv
Name Enabled OperatingSystem OperatingSystemServicePack OperatingSystemVersion IPv4Address LastLogonDate PasswordLastSet OSBuild
---- ------- --------------- -------------------------- ---------------------- ----------- ------------- --------------- -------
COMPUTER1 True Windows 10 Enterprise 10.0 (16299) 172.16.1.2 12/31/2019 12:01:55 AM 12/12/2019 6:40:53 PM 10.0.16299
COMPUTER2 False Windows 7 Enterprise Service Pack 1 6.1 (7601) 6.1.7601
COMPUTER3 False Windows 10 Enterprise 10.0 (14393) 3/19/2019 5:57:25 PM 3/19/2019 6:10:19 PM 10.0.14393
COMPUTER4 True Windows 10 Enterprise 10.0 (16299) 192.168.1.121 1/3/2020 8:50:46 PM 12/12/2019 9:32:25 PM 10.0.16299
COMPUTER5 False Windows 10 Enterprise 10.0 (16299) 11/12/2019 11:00:58 PM 9/17/2019 3:12:49 PM 10.0.16299
.EXAMPLE
Get-OldOperatingSystems -OperatingSystemVersion "10.0.16300"
Old OS Computers Found: 4
Output was sent to D:\Scripts\ActiveDirectory\OldOperatingSystems_20200108.csv
Name Enabled OperatingSystem OperatingSystemServicePack OperatingSystemVersion IPv4Address LastLogonDate PasswordLastSet OSBuild
---- ------- --------------- -------------------------- ---------------------- ----------- ------------- --------------- -------
COMPUTER1 True Windows 10 Enterprise 10.0 (16299) 172.16.1.2 12/31/2019 12:01:55 AM 12/12/2019 6:40:53 PM 10.0.16299
COMPUTER2 False Windows 7 Enterprise Service Pack 1 6.1 (7601) 6.1.7601
COMPUTER4 True Windows 10 Enterprise 10.0 (16299) 192.168.1.121 1/3/2020 8:50:46 PM 12/12/2019 9:32:25 PM 10.0.16299
COMPUTER5 False Windows 10 Enterprise 10.0 (16299) 11/12/2019 11:00:58 PM 9/17/2019 3:12:49 PM 10.0.16299
.EXAMPLE
Get-OldOperatingSystems -OperatingSystemVersion "10.0.16300" -ExportToCSV "C:\Reports\OldOSs.csv"
Old OS Computers Found: 4
Output was sent to C:\Reports\OldOSs.csv
Name Enabled OperatingSystem OperatingSystemServicePack OperatingSystemVersion IPv4Address LastLogonDate PasswordLastSet OSBuild
---- ------- --------------- -------------------------- ---------------------- ----------- ------------- --------------- -------
COMPUTER1 True Windows 10 Enterprise 10.0 (16299) 172.16.1.2 12/31/2019 12:01:55 AM 12/12/2019 6:40:53 PM 10.0.16299
COMPUTER2 False Windows 7 Enterprise Service Pack 1 6.1 (7601) 6.1.7601
COMPUTER4 True Windows 10 Enterprise 10.0 (16299) 192.168.1.121 1/3/2020 8:50:46 PM 12/12/2019 9:32:25 PM 10.0.16299
COMPUTER5 False Windows 10 Enterprise 10.0 (16299) 11/12/2019 11:00:58 PM 9/17/2019 3:12:49 PM 10.0.16299
.LINK
Windows 10 Build Versions - https://docs.microsoft.com/en-us/windows/release-information/
.LINK
Operating System Versions - https://docs.microsoft.com/en-us/windows/win32/sysinfo/operating-system-version
#>
[CmdletBinding()]
param(
# # of days ago to purge
[Version]$OperatingSystemVersion = "10.0.17763",
# Specifies to export to the specified csv file
[String] $ExportToCSV = $($PSScriptRoot + "\OldOperatingSystems_" + $(Get-Date -Format yyyyMMdd) +".csv")
)
$AllProperties = $("Name","Enabled","OperatingSystem","OperatingSystemServicePack","OperatingSystemVersion","IPv4Address","LastLogonDate","PasswordLastSet")
$AllPropertiesPlusBuild = $AllProperties + @{name="OSBuild"; expression={([Version](($_.OperatingSystemVersion -replace " \(",".") -replace "\)",""))}}
$OldOSs = $null
$OldOSs = Get-ADComputer -Filter {OperatingSystem -like "*Windows*" -and OperatingSystem -notlike "*server*"} -Properties $AllProperties | Select-Object $AllPropertiesPlusBuild | ? {$_.OSBuild -lt $OperatingSystemVersion}
If ($OldOSs) {
$OldOSs | Export-Csv -Path $ExportToCSV -NoTypeInformation -Force
Write-Output "Old OS Computers Found: $($OldOSs.count)"
Write-Output "Output was sent to $ExportToCSV"
$OldOSs | FT -AutoSize
} Else {
Write-Output "No old operating systems returned that were below $OperatingSystemVersion"
}
}
cls
Get-OldOperatingSystems
Summary
Running a quick 1 line command is great for spur of the moment requirements. However, if you invest a few extra minutes to build in parameters, file output and a couple decisions you end up with a script that you can add to your repository, reuse and share with colleagues with pride. Stay tuned for more in this series of PowerShell: Active Directory Cleanup.