Delete Stale or Inactive Computer Accounts from Active Directory

I recentley found this post from Santhosh Sivarajan’s blog which gives you an easy way to identify and delete inactive or stale computers in an Active Directory enviroment. Using the dsquery command you can easliy find all of the computers in the directory that have not been logged into in a given time interval or disabled.

The following command will return all computers that have been inactive or stale for 2 weeks:

dsquery computer -inactive 2

dsquery inactive

 

The Following command will return all disabled computer account information.

dsquery computer -disabled

dsquery disabled

 

You can combine this output with the dsrm command to delete these objects from Active Directory.

dsquery computer -inactive 2 | dsrm -noprompt
dsquery computer -disabled | dsrm -noprompt

dsquery dsrm

dsquery command reference
dsrm command reference

Leave a Reply

Your email address will not be published. Required fields are marked *