HowTo: Find and/or cleanup old computer accounts in AD

HowTo: Find and/or cleanup old computer accounts in AD


Dsquery is a command-line tool that is built into Windows Server 2008.
It is available if you have the Active Directory Domain Services (AD DS) server role installed.
To use dsquery, you must run the dsquery command from an elevated command prompt.
To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

To find inactive computer accounts (number is inactivity in weeks):
dsquery computer -inactive 2

To find computers with stale passwords (number is stale in days)
dsquery computer -stalepwd 45

There is also a combination to disable / delete the accounts:
combined with dsmod/dsrm

dsquery computer -inactive 4 | dsmod computer -disabled yes
dsquery computer -stalepwd 45 | dsrm computer

You can get additional info on both of these tools with dsquery computer /? ,dsmod computer /?, and dsrm computer /?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s