want to delete users with never logged in status using Solar Winds Inactive user account removal tool

mkramer777
mkramer777 used Ask the Experts™
on
Downloaded Solar Winds inactive user account removal tool and ran it on my Windows 2008 Server.  On the last logon column, it shows the entry of "Never Logged in"  Does this mean I can remove all of these users that say this?  I ran this as "inactive since 1/1/2017
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kevin StanushApplication Developer

Commented:
Never remove accounts without first disabling them first.  If you want, move them into a special "Inactive Accounts" OU, then after a good quarantee period, delete them.  

Its going to be impossible for someone to say what this tool does unless they too have used it.  If it looks at the AD attribute 'LastLogonTimeStamp' which it probably does, then its just showing you the value of this attribute in the directory.  'Never Logged On' just means this attribute is not set/present.  

Here is more reading on this attribute:

https://blogs.technet.microsoft.com/askds/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works/
Shaun VermaakTechnical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
You could use my ADCleanup tool which first disables object for a period before automatically deleting them. Also, if you have 2008 R2 or when you eventually upgrade, enable AD recycle bin
https://www.experts-exchange.com/articles/30820/Active-Directory-Cleanup-Tool-ADCleanup.html
Powershell to find inactive, disable and move disabled Active Directory Users and Computers to New OU:
http://expert-advice.org/active-directory/powershell-to-find-inactive-ad-users-and-computers-accounts/

How to Manage Inactive User and Computer Accounts in Active Directory:
https://www.lepide.com/how-to/manage-inactive-accounts-in-active-directory.html

You may also get help from this AD Cleanup solution to manage inactive user accounts and either move them to another OU, reset their passwords, disable them or just delete them all together.
If you need to remove inactive AD accounts, here's a complete PowerShell solution that you can use. Don't forget to test in in a lab environment first though: https://www.adaxes.com/blog/cleanup-active-directory-with-powershell.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial