Solved

Removing inactive / obsolete Computer accounts in AD

Posted on 2011-03-15
4
1,128 Views
Last Modified: 2012-05-11
I know how to query the ad server for old computer accounts but I wanted to know what would happen if I deleted a computer account for an active user/computer.

Would that computer need to be rejoined to the domain?  Would it prevent the user from logging into the domain if I accidentally deleted their active computer account?

Is there a policy I can modify to remove inactive computer accounts that haven't logged into the netowork for say... 6mo?

Thanks!
0
Comment
Question by:GDavis193
  • 2
4 Comments
 
LVL 5

Expert Comment

by:sweeps
ID: 35141465
You should disable instead of delete and then move the disabled into an OU.  otherwise you would have to recreate the users and rejoin the machines to the domain.  This would also affect exchange accounts associated to the user.
0
 
LVL 7

Accepted Solution

by:
waleeda earned 500 total points
ID: 35141521
yes
if you deleted an active computer account it will give netlogon error on you active directory, and if you try to login with the cached account it will login but if you try to login with a deferent account it will not work
0
 
LVL 5

Expert Comment

by:sweeps
ID: 35141865
here is a free program that we use that is easy to setup and you can choose to disable either user accounts or computer accounts if not logged in for so many days.  and you can set it to ping the computer account also just to verify that it is not live.

http://www.cjwdev.co.uk/Software/ADTidy/Download.html

freeware and that is for commercial or private usage.  there is a license file in the download that states it.
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35163958

I Agree. I would create a locked down disabled computers ou.  
0

Featured Post

Make managing Office 365 email signatures a breeze

Are you using Office 365? Having trouble trying to set up email signatures for your users? Getting stressed out managing multiple signatures? Need an easier way to manage? We have a solution for you, try the most-user friendly and powerful signature management tool on the market.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now