Solved

How to Clean up my computer listing from Window 2008 Active directory

Posted on 2014-01-20
3
536 Views
Last Modified: 2014-01-27
Hi,   Is there a command or window option that can clean my active directory?   I would like to delete all the computer names that no longer exist on our network.  - Thanks in advance.
0
Comment
Question by:Victor_Torres
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Accepted Solution

by:
Pradeep VIshwakarma earned 500 total points
ID: 39796098
Hi,

AD has some built-in tools to do this effectively. We don't always need a 3rd party software (Free or not), but sometimes it's nice to have a GUI. Comes down to personal preference I guess. :)

dsquery computer -inactive {weeks}

(or)

dsquery computer -stalepwd {days}

Once you find the computers that are stale, then you can use dsmod to deactivate the accounts, dsrm to delete them, or you can do everything manually through ADU&C if you choose. You can also do the whole operation in one fell swoop by using the | (pipe) command to use the results from the dsquery command to be the target for the dsmod or dsrm commands. MS calls this the STDIN (Standard input)

Examples:

dsquery computer -inactive 2

dsquery computer -stalepwd 45

...and combined with dsmod/dsrm

dsquery computer -inactive 4 | dsmod computer -disabled yes

dsquery computer -stalepwd 45 | dsrm computer

You can get additional info on both of these tools with dsquery computer /? ,dsmod computer /?, and dsrm computer /?

-

DISCLAIMER: dsquery and dsget are command line tools that only read and display information from AD. Dsmod and dsrm are tools that can MODIFY AND DELETE information from active directory. Make sure you know what you are doing, as there is no "easy undo" button for Active Directory.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39796200
You can try installing 3rd party tools

ADTidy - http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Solar Winds -  http://www.solarwinds.com/products/freetools/ad_admin_tools.aspx

It will show the age of AD PCs and their last login time. You can easily cleanup your ADUC with a few clicks.

AdTidy - working fine.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39796686
You can use powershell to accomplish this... Use the below syntax to find disabled computers and then delete them...

import-module activedirectory
Get-ADComputer -Filter * | ? {$_.Enabled -eq $false} | Remove-ADComputer -Confirm $false

Open in new window


Will.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question