Solved

How to Clean up my computer listing from Window 2008 Active directory

Posted on 2014-01-20
3
534 Views
Last Modified: 2014-01-27
Hi,   Is there a command or window option that can clean my active directory?   I would like to delete all the computer names that no longer exist on our network.  - Thanks in advance.
0
Comment
Question by:Victor_Torres
3 Comments
 
LVL 4

Accepted Solution

by:
Pradeep VIshwakarma earned 500 total points
ID: 39796098
Hi,

AD has some built-in tools to do this effectively. We don't always need a 3rd party software (Free or not), but sometimes it's nice to have a GUI. Comes down to personal preference I guess. :)

dsquery computer -inactive {weeks}

(or)

dsquery computer -stalepwd {days}

Once you find the computers that are stale, then you can use dsmod to deactivate the accounts, dsrm to delete them, or you can do everything manually through ADU&C if you choose. You can also do the whole operation in one fell swoop by using the | (pipe) command to use the results from the dsquery command to be the target for the dsmod or dsrm commands. MS calls this the STDIN (Standard input)

Examples:

dsquery computer -inactive 2

dsquery computer -stalepwd 45

...and combined with dsmod/dsrm

dsquery computer -inactive 4 | dsmod computer -disabled yes

dsquery computer -stalepwd 45 | dsrm computer

You can get additional info on both of these tools with dsquery computer /? ,dsmod computer /?, and dsrm computer /?

-

DISCLAIMER: dsquery and dsget are command line tools that only read and display information from AD. Dsmod and dsrm are tools that can MODIFY AND DELETE information from active directory. Make sure you know what you are doing, as there is no "easy undo" button for Active Directory.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39796200
You can try installing 3rd party tools

ADTidy - http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Solar Winds -  http://www.solarwinds.com/products/freetools/ad_admin_tools.aspx

It will show the age of AD PCs and their last login time. You can easily cleanup your ADUC with a few clicks.

AdTidy - working fine.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39796686
You can use powershell to accomplish this... Use the below syntax to find disabled computers and then delete them...

import-module activedirectory
Get-ADComputer -Filter * | ? {$_.Enabled -eq $false} | Remove-ADComputer -Confirm $false

Open in new window


Will.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question