We've been using the DOS command "dsquery computer -inactive 13 | dsrm -subtree -noprompt -c" to remove computers more than 90 days stale. I would like to add something to disable the accounts after 30 days. Is there a command similar to dsrm that would disable but not remove?
Second question. Is there a way to specify days rather than weeks? 13 weeks equals 91 days so that math works out well for a 90-day policy. 4 weeks is 28 days, but I prefer to use syntax that is exactly 30 days if that is possible since this will be documented in a company security policy.
I've seen some PowerShell examples but they all were calculating stale based on LastLogon which yields different results from dsquery. So if there is a PowerShell equivalent of dsquery I'm happy to use that instead. Please advise. Thanks.