Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Need to remove dormant computer accounts from active directory.  What's a good (paid or free) solution?

Posted on 2014-09-03
3
Medium Priority
?
463 Views
Last Modified: 2014-09-04
Need to remove dormant computer accounts from active directory.  What's a good (paid or free) solution?  

Also, does anyone know the default setting (in days) in which a computer account's status changes and must be re-added to the domain?  Thanks.
0
Comment
Question by:LB1234
3 Comments
 
LVL 14

Accepted Solution

by:
Brad Groux earned 1600 total points
ID: 40301143
The term you are looking for is "stale," specifically stale computer objects. This TechNet blog post takes you through all of the steps - http://blogs.technet.com/b/ken_brumfield/archive/2008/09/16/identifying-stale-user-and-computer-accounts.aspx

Here is a script to find stale computer objects in Active Directory - http://gallery.technet.microsoft.com/scriptcenter/7bc5bc1c-e934-4ce1-8a77-3b0105807402

Here's one that utilizes Quest's free tools - http://gallery.technet.microsoft.com/Active-Directory-Stale-f775cc22

If a machine is offline more than 30 days it may become stale. Best practice is generally to query machines who have been offline for 90+ days. Stale machines won't be kicked from the domain, if they are plugged in or attached to the domain at any time they can log back in... thus, it is a good idea to clean out stale objects from time to time.

This blog post shows you how you can send out an automated email with stale accounts - http://pipe2text.com/?page_id=121
0
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 400 total points
ID: 40301150
Brad pretty much got you covered. If you prefer safety, you can disable the stale objects and move them to a dedicated OU. After a certain period, you can delete those objects.

http://deployhappiness.com/managing-stale-computers-and-users/
0
 
LVL 1

Author Closing Comment

by:LB1234
ID: 40303295
I wound up using AD Manager Plus from Manage Engine, but thanks!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question