There are a number of reasons why you may need to find and remove inactive computers from active directory. Test computers and servers that were removed without disconnecting from the domain, or in my case, a computer fleet upgrade. New computers were brought in to replace the old computers, leaving a large number of un used computer objects in Active Directory that should be cleared out.
There are a couple of ways to identify whether a computer account in Active Directory is stale. The approach I found useful is running dsquery from the domain controller.
dsquery computer -inactive 8 -limit 0
The -inactive 8 paremeter lets dsquery know to find computers that have been inactive for 8 weeks.
By default, dsquery will return only 100 results. Use the -limit parameter to list more than 100 results if needed.
Note: Keep in mind that you may have some Laptop computers in the field that do not often connect to Active Directory.
The command dsquery computer -inactive 8 will run for the entire domain of the computer in question. Additional parameters, such as querying only specified OUs, can be performed to target certain areas such as old server accounts.
To export the results to a CSV file, use the following:
dsquery computer -inactive 8 -limit 0 >> c:\export.csv
Thanks steve
very useful thanks!
query works well
Very quick and easy. Thanks.
Nice article , thanks for posting such a nice information. It helps to find and remove inactive computer account from active directory and manages all inactive and disable accounts but I also found acutomate application from http://www.lepide.com/active-directory-cleaner/ which allows you to manage and view activities and applications within the Active Directory environment.
Have a try with this one.
http://www.adsysnet.com/asn-active-directory-inactive-account-tracker-features.aspx
Thank you very much, You make things so simple.