Solved

How to Clean up my computer listing from Window 2008 Active directory

Posted on 2014-01-20
3
530 Views
Last Modified: 2014-01-27
Hi,   Is there a command or window option that can clean my active directory?   I would like to delete all the computer names that no longer exist on our network.  - Thanks in advance.
0
Comment
Question by:Victor_Torres
3 Comments
 
LVL 4

Accepted Solution

by:
Pradeep VIshwakarma earned 500 total points
ID: 39796098
Hi,

AD has some built-in tools to do this effectively. We don't always need a 3rd party software (Free or not), but sometimes it's nice to have a GUI. Comes down to personal preference I guess. :)

dsquery computer -inactive {weeks}

(or)

dsquery computer -stalepwd {days}

Once you find the computers that are stale, then you can use dsmod to deactivate the accounts, dsrm to delete them, or you can do everything manually through ADU&C if you choose. You can also do the whole operation in one fell swoop by using the | (pipe) command to use the results from the dsquery command to be the target for the dsmod or dsrm commands. MS calls this the STDIN (Standard input)

Examples:

dsquery computer -inactive 2

dsquery computer -stalepwd 45

...and combined with dsmod/dsrm

dsquery computer -inactive 4 | dsmod computer -disabled yes

dsquery computer -stalepwd 45 | dsrm computer

You can get additional info on both of these tools with dsquery computer /? ,dsmod computer /?, and dsrm computer /?

-

DISCLAIMER: dsquery and dsget are command line tools that only read and display information from AD. Dsmod and dsrm are tools that can MODIFY AND DELETE information from active directory. Make sure you know what you are doing, as there is no "easy undo" button for Active Directory.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39796200
You can try installing 3rd party tools

ADTidy - http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Solar Winds -  http://www.solarwinds.com/products/freetools/ad_admin_tools.aspx

It will show the age of AD PCs and their last login time. You can easily cleanup your ADUC with a few clicks.

AdTidy - working fine.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39796686
You can use powershell to accomplish this... Use the below syntax to find disabled computers and then delete them...

import-module activedirectory
Get-ADComputer -Filter * | ? {$_.Enabled -eq $false} | Remove-ADComputer -Confirm $false

Open in new window


Will.
0

Join & Write a Comment

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now