Active Directory Cleanup Tool (ADCleanup)

Shaun Vermaak, Senior Consultant
CERTIFIED EXPERT
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
Edited by: Andrew Leniart
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup.

Introduction


ADCleanup is my implementation of a set-and-forget Active Directory cleanup tool. Once this tool is implemented correctly, you never need to worry about dormant accounts ever again.


Implementation


1) Download and extract ADCleanup.zip (here is VirusTotal scan) to a folder of your choice, saved on the computer on which it will be scheduled to run.

2) Create a location in Active Directory to store inactive user accounts and record the distinguished name (DN).




3) Create a location in Active Directory to store inactive computer accounts and record the distinguished name (DN).



4) Run Configurator.exe (Configurator Editor).


a) On the Encrypt tab, enter the password for the account that will be performing the cleanup task. Encrypt it with key 9hOK7AtlGOCRyBtBdhF9pnTQuk8ES176 and record the encrypted password.



b) On the Settings tab, enter the fully qualified domain name, the cleanup account user name and the encrypted password recorded in step 4a.

c) Set userCleanup to true to enable the process to clean up user accounts. Set the user cleanup parameters.

d) Set userDisabledOU to the value recorded in step 2.

e) Set computerCleanup to true to enable the process to clean up computer accounts. Set the computer cleanup parameters.

f) Set computerDisabledOU to the value recorded in step 3.



g) On the userExcludedDNs tab, specify any distinguished name of an organizational unit that should be excluded from the cleanup process (+ or INS to add, - or DEL to delete, Enter or double-click to edit).



h) On the computerExcludedDNs tab, specify any distinguished name of an organizational unit that should be excluded from the cleanup process (+ or INS to add, - or DEL to delete, Enter or double-click to edit).

i) Schedule ADCleanup.exe to execute via a scheduled task. Upon every execution, the tool will clean up user and computer objects as per your configuration.
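
Before scheduling the tool, it helps to see which accounts an inactivity rule with excluded OUs would select. The PowerShell below is an added example, not ADCleanup's code: a dry-run check that applies an exclusion list, treats a recent password change as activity, and refuses to proceed past a safety limit (the controls the author lists in the comments). The function name, thresholds and sample accounts are assumptions constructed for illustration.

```powershell
# Added example, not ADCleanup code. Names, thresholds and sample data are assumptions.
function Get-StaleCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $Account,  # needs DistinguishedName, LastLogonDate, PasswordLastSet
        [string[]] $ExcludedDN = @(),
        [int] $InactiveDays = 90,
        [int] $SafetyLimit = 25,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$InactiveDays)
    $candidates = @(foreach ($a in $Account) {
        $dn = $a.DistinguishedName
        # Excluded when the DN is the excluded container or sits below it (match on a component boundary).
        $excluded = $false
        foreach ($ex in $ExcludedDN) {
            if ($dn -ieq $ex -or $dn.EndsWith(",$ex", [StringComparison]::OrdinalIgnoreCase)) {
                $excluded = $true
                break
            }
        }
        if ($excluded) { continue }
        # Latest sign of life: last logon or last password change, whichever is newer.
        $lastSeen = @($a.LastLogonDate, $a.PasswordLastSet) |
            Where-Object { $null -ne $_ } | Sort-Object | Select-Object -Last 1
        if ($null -eq $lastSeen -or $lastSeen -lt $cutoff) { $a }
    })
    # Safety limit: stop instead of acting when the selection is unexpectedly large.
    if ($candidates.Count -gt $SafetyLimit) {
        throw "Refusing to continue: $($candidates.Count) candidates exceed the safety limit of $SafetyLimit."
    }
    $candidates
}

# Constructed sample accounts (not real directory data).
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=alice,OU=Staff,DC=corp,DC=example'; LastLogonDate = [datetime]'2024-05-20'; PasswordLastSet = [datetime]'2023-01-01' }
    [pscustomobject]@{ DistinguishedName = 'CN=bob,OU=Staff,DC=corp,DC=example'; LastLogonDate = [datetime]'2023-10-01'; PasswordLastSet = [datetime]'2023-09-01' }
    [pscustomobject]@{ DistinguishedName = 'CN=svc-backup,OU=Service Accounts,DC=corp,DC=example'; LastLogonDate = $null; PasswordLastSet = [datetime]'2020-01-01' }
    [pscustomobject]@{ DistinguishedName = 'CN=carol,OU=Staff,DC=corp,DC=example'; LastLogonDate = $null; PasswordLastSet = [datetime]'2024-05-15' }
    [pscustomobject]@{ DistinguishedName = 'CN=dave,OU=Staff,DC=corp,DC=example'; LastLogonDate = $null; PasswordLastSet = $null }
)
Get-StaleCandidate -Account $sample -ExcludedDN 'OU=Service Accounts,DC=corp,DC=example' -Now $now |
    Select-Object DistinguishedName
```

The same function accepts the output of `Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet`. LastLogonDate is derived from lastLogonTimestamp, which replicates with a delay of up to about two weeks, so keep the inactivity threshold well above that.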


Conclusion


Using this process (or one similar) will keep Active Directory clean of unused computer and user objects, and will increase server security in the process.



Comments (29)

If you think it's a promotion or intentionally I have posted an article in your post then please remove it.
Shaun Vermaak (Author) commented:
Correct, Austin. Those scripts have no option to exclude DN (group and OU), do not take password last change into consideration, do not provide a safety limit, and do not provide a method to delegate.

All I am saying is that those scripts are dangerous and I guarantee you that if you go into any medium to large environment, you will break systems.

If you posted a PowerShell (or any other solution, say oldcmp) that provides basic controls over these parameters, I would not have an issue.

I am not concerned about promoting other solutions, I encourage it.

We are a community
Thanks for the clarification... I got your point now.
Shaun Vermaak (Author) commented:
Please don't let me stop/discourage you from contributing, your contributions are valuable ;)
I am happy with that... I even used to comment that for the blog author so he can add these things in his post.

I learned a lot here; people guided me here from time to time.
