[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 709
  • Last Modified:

Cleaning up Stale Computer and User accounts in Active Directory

I was searching for some sureshot way to clean up stale computer and user accounts including the mailboxes that haven't been deleted by helpdesk guys in a timely manner.

SMS or SCCM 2007 doesn't give that functionality. SysInternals utility 'Oldcmp' throws results that aren't too dependable to delete without undertaking 2-3 walovers manually.

Is there something someone has used and can vouch for it's effectiveness where I suspect about a 1000 computers and user accounts being stale in my over 6000 objects in AD>
2 Solutions
This would clean out all machine that have not been used in the last 90 days..
Mike KlineCommented:
Oldcmp is the tool we use and used by many.
The strategy we use is to never delete just based on the report.  We first disable and then we delete.
Our policy is run oldcmp and disable anything greater than 120 days
We delete anything over 180 days.
That way if there is some false positive it takes seconds to enable.
What is your domain functional level set at?   If you are at 2003 DFL you can also key off lastlogontimestamp for users which is fairly accurate (up to 14 days)

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now