Solved

Removing inactive / obsolete Computer accounts in AD

Posted on 2011-03-15
4
1,133 Views
Last Modified: 2012-05-11
I know how to query the ad server for old computer accounts but I wanted to know what would happen if I deleted a computer account for an active user/computer.

Would that computer need to be rejoined to the domain?  Would it prevent the user from logging into the domain if I accidentally deleted their active computer account?

Is there a policy I can modify to remove inactive computer accounts that haven't logged into the netowork for say... 6mo?

Thanks!
0
Comment
Question by:GDavis193
  • 2
4 Comments
 
LVL 5

Expert Comment

by:sweeps
ID: 35141465
You should disable instead of delete and then move the disabled into an OU.  otherwise you would have to recreate the users and rejoin the machines to the domain.  This would also affect exchange accounts associated to the user.
0
 
LVL 7

Accepted Solution

by:
waleeda earned 500 total points
ID: 35141521
yes
if you deleted an active computer account it will give netlogon error on you active directory, and if you try to login with the cached account it will login but if you try to login with a deferent account it will not work
0
 
LVL 5

Expert Comment

by:sweeps
ID: 35141865
here is a free program that we use that is easy to setup and you can choose to disable either user accounts or computer accounts if not logged in for so many days.  and you can set it to ping the computer account also just to verify that it is not live.

http://www.cjwdev.co.uk/Software/ADTidy/Download.html

freeware and that is for commercial or private usage.  there is a license file in the download that states it.
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35163958

I Agree. I would create a locked down disabled computers ou.  
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to run a process periodically from the server 2 24
Schannel error 70 on Exchange CAS and Mailbox servers 4 67
Windows Modify Permissions 19 62
GPO reset 2 40
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question