Removing old computers on a domain

You can use dsquery (technet link) to locate inactive computers:

dsquery computer -inactive 10 -limit 0

Shows computers that have been inactive for 10 weeks or more.

From dsquery computer /? (technet link)

...
-inactive <NumWeeks>        Finds computers that have been inactive (stale)
                            for at least <NumWeeks> number of weeks.
...

You can pipe the output into dsrm (technet link) if you want to remove the listing from the domain. Please note this will not bother prompting you so apply the appropriate amount of caution.

dsquery computer -inactive 10 -limit 0 | dsrm -noprompt


You can return computer accounts via DSQUERY. The example below will return computer accounts that have not logged in withing the past 4 weeks.

dsquery computer -inactive 4 -limit 0 

You can then pipe the output to a file, or simply remove them by piping to the DSRM command.

dsquery computer -inactive 4 -limit 0 | dsrm -noprompt

Similar functionality can be achieved via powershell I'm sure.


The VB Script >here< will identify computer objects in your AD which have not had a computer password reset in a specified number of days, and then move them to an OU you can specify, as well as disable their computer accounts for you (which seems to me to be preferable to just deleting them - safer!)

I've used it before and it works just fine.