0

I am trying to remove all of the older computers that AD stores that have not been active for 60 days. I just started working with AD recently and noticed that the AD has not had a proper cleanup in a long time. I only have about 120 computers/servers but ad has over 300 registered. Does anyone have any advice or solutions for this?

Thanks in advanced!

user1857654
  • 29
  • 1
  • 1
  • 7

1 Answers1

0

I found a solutions here: http://portal.sivarajan.com/2010/03/delete-stale-or-inactive-computer.html

Here is an easy way to identify and delete inactive or stale computers in an Active Directory environment. Using the dsquery command you can easily find all of the computers in the directory that have not been logged into in a given time interval or disabled.

The following command will return all computers that have been inactive or stale for 2 weeks:

dsquery computer –inactive 2

The following command will return all disabled computer account information:

dsquery computer –disabled

You can combine this output with the dsrm command to delete these objects from Active Directory

dsquery computer –inactive 2 | dsrm -noprompt 
dsquery computer –disabled | dsrm -noprompt
user1857654
  • 29
  • 1
  • 1
  • 7
  • 1
    Just note that "stale for 2 weeks" isn't very long if it's a large company with mobile workers (sales staff, execs, etc.) – TheCleaner Oct 14 '14 at 14:12
  • What @TheCleaner said. The first time I did this at a college I made the timeout a year because faculty would sometimes take their laptops home and not bring them back until finals. In other words, know your environment. – Katherine Villyard Oct 14 '14 at 15:21