Delete Stale or Inactive Computer Accounts from Active Directory

I recentley found this post from Santhosh Sivarajan’s blog which gives you an easy way to identify and delete inactive or stale computers in an Active Directory enviroment. Using the dsquery command you can easliy find all of the computers in the directory that have not been logged into in a given time interval or disabled.

The following command will return all computers that have been inactive or stale for 2 weeks:

dsquery computer -inactive 2

dsquery inactive

 

The Following command will return all disabled computer account information.

dsquery computer -disabled

dsquery disabled

 

You can combine this output with the dsrm command to delete these objects from Active Directory.

dsquery computer -inactive 2 | dsrm -noprompt
dsquery computer -disabled | dsrm -noprompt

dsquery dsrm

dsquery command reference
dsrm command reference

Hemp

IT and security Expert with 20+ Years of Experience. _______________________________________________________ With over two decades of experience in the dynamic field of Information Technology and security, I have honed my skills to become a leading expert in safeguarding digital landscapes. My passion for technology and an unquenchable thirst for knowledge have driven me to stay at the forefront of the ever-evolving IT industry.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top