This falls into the “Come on Microsoft” category.
I have been writing a script that will gather a bunch of information from servers, and returns an object with the information. Part of what I’m gathering is the servers that are set to auto start, and have their corresponding service stopped.
While you can get a list of services that meet part of this criteria like this:
I encountered a challenge today that was fun to fix. There’s an Organizational Unit in my AD setup that has historically been used to store disabled AD objects instead of deleting them.
When an employee leaves the organization, our standard procedure is as followed:
- Disable User Object
- Move to separate OU (IE AD://internal.msd/disabled/users)
- Update Description field with something like: Disabled by [username] on [date]
- Retain user object for x amount of days, then tombstone it.
Best laid plans of mice and men… yada yada…