Removing inactive / obsolete Computer accounts in AD

I know how to query the ad server for old computer accounts but I wanted to know what would happen if I deleted a computer account for an active user/computer.

Would that computer need to be rejoined to the domain?  Would it prevent the user from logging into the domain if I accidentally deleted their active computer account?

Is there a policy I can modify to remove inactive computer accounts that haven't logged into the netowork for say... 6mo?

Thanks!
GDavis193Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
waleedaConnect With a Mentor Commented:
yes
if you deleted an active computer account it will give netlogon error on you active directory, and if you try to login with the cached account it will login but if you try to login with a deferent account it will not work
0
 
sweepsCommented:
You should disable instead of delete and then move the disabled into an OU.  otherwise you would have to recreate the users and rejoin the machines to the domain.  This would also affect exchange accounts associated to the user.
0
 
sweepsCommented:
here is a free program that we use that is easy to setup and you can choose to disable either user accounts or computer accounts if not logged in for so many days.  and you can set it to ping the computer account also just to verify that it is not live.

http://www.cjwdev.co.uk/Software/ADTidy/Download.html

freeware and that is for commercial or private usage.  there is a license file in the download that states it.
0
 
ActiveDirectorymanCommented:

I Agree. I would create a locked down disabled computers ou.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.