A nice quick script to get machines that have not logged on to the network in over x days, move to another OU and disable.
$d = [DateTime]::Today.AddDays(-365) $todisable = Get-ADComputer -Filter 'PasswordLastSet -le $d' -Properties PasswordLastSet | Where-Object {$_.DistinguishedName -notlike "*OU=Disabled*"} $todisable | %{Move-ADObject -Identity $_.DistinguishedName -TargetPath "OU=Disabled,OU=Computers,DC=domain,DC=local" | FT Name,PasswordLastSet} $todisable | %{Disable-ADAccount -Identity $_.SamAccountName} $todisable | ft name