Splunk-related PowerShell scripts

Elky
Engager

Our endpoint protection is blocking multiple PowerShell scripts that seem related to Splunk.

Can anyone explain what these scripts do?

nt6-siteinfo.ps1

nt6-health.ps1

nt6-repl-stat.ps1

Thanks!


scelikok
SplunkTrust

Hi @Elky,

These scripts are for Active Directory monitoring, and they are in the Splunk_TA_windows app's bin folder. You can find the inputs.conf settings for these scripts below; they should have been enabled by the Splunk admin. After confirmation, you can disable those inputs on those endpoints.

###### Scripted/Powershell Mod inputs Active Directory ######

## Replication Information NT6
[script://.\bin\runpowershell.cmd nt6-repl-stat.ps1]
source=Powershell
sourcetype=MSAD:NT6:Replication
interval=300
disabled=1

## Replication Information 2012r2 and 2016
[powershell://Replication-Stats]
script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-repl-stats.ps1"
schedule = 0 */5 * ? * *
source = Powershell
sourcetype=MSAD:NT6:Replication
disabled=1

## Health and Topology Information NT6
[script://.\bin\runpowershell.cmd nt6-health.ps1]
source=Powershell
sourcetype=MSAD:NT6:Health
interval=300
disabled=1

## Health and Topology Information 2012r2 and 2016
[powershell://AD-Health]
script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-health.ps1"
schedule = 0 */5 * ? * *
source=Powershell
sourcetype=MSAD:NT6:Health
disabled=1

## Site, Site Link and Subnet Information NT6
[script://.\bin\runpowershell.cmd nt6-siteinfo.ps1]
source=Powershell
sourcetype=MSAD:NT6:SiteInfo
interval=3600
disabled=1

## Site, Site Link and Subnet Information 2012r2 and 2016
[powershell://Siteinfo]
script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-siteinfo.ps1"
schedule = 0 15 * ? * *
source = Powershell
sourcetype=MSAD:NT6:SiteInfo
disabled=1


If this reply helps you an upvote is appreciated.

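The check a responder would want before acting on the answer above, as an added example that is not part of the original thread or of Splunk_TA_windows itself: confirm that the flagged scripts are the copies shipped under the TA's bin folder (path, SHA256, Authenticode state), read default\inputs.conf and local\inputs.conf with Splunk's usual layering (local overrides default), report which stanzas that launch those scripts are still enabled, and print a local\inputs.conf override that disables only those. The install path in $SplunkHome, the stanza key names and the simple line-based parser are assumptions; the script names and stanza layout come from the question and the quoted inputs.conf excerpt.

```powershell
# Added example, not Splunk's own code. Assumption: default Universal Forwarder path.
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'
$TaRoot     = Join-Path $SplunkHome 'etc\apps\Splunk_TA_windows'
# Script names as reported in the question.
$Scripts    = 'nt6-siteinfo.ps1', 'nt6-health.ps1', 'nt6-repl-stat.ps1'

# 1. Locate each flagged script under the TA and record hash and signature status,
#    so the EDR alert can be matched to the known install rather than a look-alike path.
$inventory = foreach ($name in $Scripts) {
    $hit = Get-ChildItem -Path $TaRoot -Filter $name -Recurse -File -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $hit) {
        Write-Warning "$name not found under $TaRoot; the blocked file may not be the TA's copy"
        continue
    }
    [pscustomobject]@{
        Script    = $name
        Path      = $hit.FullName
        SHA256    = (Get-FileHash -Path $hit.FullName -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -FilePath $hit.FullName).Status
    }
}
$inventory | Format-Table -AutoSize

# 2. Minimal inputs.conf reader (assumption: '[stanza]' headers, 'key = value' lines, '#' comments).
function Read-InputsConf {
    param([string]$Path)
    $stanzas = @{}
    $current = $null
    if (-not (Test-Path -Path $Path)) { return $stanzas }
    foreach ($line in Get-Content -Path $Path) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#')) { continue }
        if ($t -match '^\[(.+)\]$') {
            $current = $Matches[1]
            if (-not $stanzas.ContainsKey($current)) { $stanzas[$current] = @{} }
            continue
        }
        if ($current -and $t -match '^([^=]+?)\s*=\s*(.*)$') {
            $stanzas[$current][$Matches[1]] = $Matches[2]
        }
    }
    return $stanzas
}

# Splunk layers local\ over default\, so merge in that order.
$merged = Read-InputsConf (Join-Path $TaRoot 'default\inputs.conf')
$local  = Read-InputsConf (Join-Path $TaRoot 'local\inputs.conf')
foreach ($s in $local.Keys) {
    if (-not $merged.ContainsKey($s)) { $merged[$s] = @{} }
    foreach ($k in $local[$s].Keys) { $merged[$s][$k] = $local[$s][$k] }
}

# 3. Report every stanza whose name or 'script' value launches a flagged script.
#    A stanza without a 'disabled' key is enabled by default.
$report = foreach ($stanza in $merged.Keys) {
    $launcher = "$stanza $($merged[$stanza]['script'])"
    foreach ($name in $Scripts) {
        if ($launcher -like "*$name*") {
            $disabled = $merged[$stanza]['disabled']
            [pscustomobject]@{
                Stanza  = $stanza
                Script  = $name
                Enabled = ($disabled -ne '1' -and $disabled -ne 'true')
            }
        }
    }
}
$report | Format-Table -AutoSize

# 4. Override text for etc\apps\Splunk_TA_windows\local\inputs.conf that disables only
#    the stanzas still enabled. If the app is pushed by a deployment server, put the
#    override in the deployment copy as well, or the next push reverts it.
$override = foreach ($r in ($report | Where-Object { $_.Enabled })) {
    "[$($r.Stanza)]`ndisabled = 1`n"
}
$override -join "`n"
```

Run it in an elevated PowerShell session on one of the endpoints that raised the alert. If step 1 reports a script that is not under the TA's folder, or whose hash differs from the copy on a known-good forwarder, treat the alert as something other than the Splunk input and do not simply disable the stanza.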