ESX Virtualization

VMware ESXi, vSphere, VMware Backup, Hyper-V... how-to, videos....

How to find inactive computer accounts in Active Directory

By | Last Updated:

Shares

From time to time you might need to clean up the Active Directory from computer accounts which are no longer active. Computers that has been reinstalled, replaced with new ones, old VMs. In many of those case you'll might just end up with active directory full of computer objects that are obsolete. In fact those old unused accounts are called stale accounts.

AD Tidy tool

The creator of this tool is Chris Wright from the UK. There is free version and paid version of this tool. This tool is about 4 Megs in size and enables you to do many things concerning housekeeping of Active Directory. After running a report tool which brings results, you can select the desired records and do some actions, like disabling, moving, adding/removing to/from groups etc. You can also set expiration data on objects. The tool uses powerful filtering options and can do a lot of actions. You can also build your own action sequences or export pie charts.

There is a possibility to save report settings or view DNS record timestamps.  The free version is limited so not all the actions are possible:

  • Cannot reverse actions
  • Cannot use automated rules or command line
  • Cannot use launch external script action
  • Custom LDAP attribute definitions cannot be added
  • Can only export to CSV file.

But still, after installed, there is a nice GUI tool. The image was taken from my freshly installed Microsoft Windows 2012 AD server, so there aren't any computer accounts (almost) yet. You can click to enlarge.

ad-tidy-soft

How to find inactive computer accounts in Active Directory with the AD Tidy Tool. The Features:

  • Report on both user and computer accounts
  • Search entire domain or select a specific OU
  • Multi-domain friendly – specify any domain and optionally use alternate credentials to connect to it
  • Get account last logon information from all DCs or select specific DCs (using either lastLogon attribute or lastLogonTimeStamp attribute)
  • Choose to only find accounts that have not logged on for a specified number of days
  • Confirm whether or not computer accounts are still active by using the Ping test and DNS record timestamp check
  • Powerful filtering capabilities let you filter results accounts based on name, group membership, expiration date, LDAP attribute, and more
  • Export report results to CSV or Excel XLSX file
  • Save report settings to file so that you can reload them whenever you want  or share them with colleagues
  • Option to reverse actions that were previously performed (Standard Edition only)
  • Command line support and Automated Rules allow for automation of account clean up tasks (Standard Edition only)

The standard edition is now available to purchase here.

The free edition can be download here: https://www.cjwdev.co.uk/Software/ADTidy/Info.html

This tool will be definitely added as a free tool in my Free Tools Page.

Enjoy..

Shares
5/5 - (1 vote)

About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is as an Independent consultant, professional blogger, vExpert x16, Veeam Vanguard x9, VCAP-DCA/DCD, ESX Virtualization site has started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.

x