Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Removing inactive / obsolete Computer accounts in AD

Posted on 2011-03-15
4
Medium Priority
?
1,137 Views
Last Modified: 2012-05-11
I know how to query the ad server for old computer accounts but I wanted to know what would happen if I deleted a computer account for an active user/computer.

Would that computer need to be rejoined to the domain?  Would it prevent the user from logging into the domain if I accidentally deleted their active computer account?

Is there a policy I can modify to remove inactive computer accounts that haven't logged into the netowork for say... 6mo?

Thanks!
0
Comment
Question by:GDavis193
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:sweeps
ID: 35141465
You should disable instead of delete and then move the disabled into an OU.  otherwise you would have to recreate the users and rejoin the machines to the domain.  This would also affect exchange accounts associated to the user.
0
 
LVL 7

Accepted Solution

by:
waleeda earned 2000 total points
ID: 35141521
yes
if you deleted an active computer account it will give netlogon error on you active directory, and if you try to login with the cached account it will login but if you try to login with a deferent account it will not work
0
 
LVL 5

Expert Comment

by:sweeps
ID: 35141865
here is a free program that we use that is easy to setup and you can choose to disable either user accounts or computer accounts if not logged in for so many days.  and you can set it to ping the computer account also just to verify that it is not live.

http://www.cjwdev.co.uk/Software/ADTidy/Download.html

freeware and that is for commercial or private usage.  there is a license file in the download that states it.
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35163958

I Agree. I would create a locked down disabled computers ou.  
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question