Removing old computers on a domain

windows active-directory

You can use dsquery (technet link) to locate inactive computers:

dsquery computer -inactive 10 -limit 0

Shows computers that have been inactive for 10 weeks or more.

From dsquery computer /? (technet link)

...
-inactive <NumWeeks>        Finds computers that have been inactive (stale)
                            for at least <NumWeeks> number of weeks.
...

You can pipe the output into dsrm (technet link) if you want to remove the listing from the domain. Please note this will not bother prompting you so apply the appropriate amount of caution.

dsquery computer -inactive 10 -limit 0 | dsrm -noprompt


You can return computer accounts via DSQUERY. The example below will return computer accounts that have not logged in withing the past 4 weeks.

dsquery computer -inactive 4 -limit 0

You can then pipe the output to a file, or simply remove them by piping to the DSRM command.

dsquery computer -inactive 4 -limit 0 | dsrm -noprompt

Similar functionality can be achieved via powershell I'm sure.


The VB Script >here< will identify computer objects in your AD which have not had a computer password reset in a specified number of days, and then move them to an OU you can specify, as well as disable their computer accounts for you (which seems to me to be preferable to just deleting them - safer!)

I've used it before and it works just fine.

Related

Linux e1000e (Intel networking driver) problems galore, where do I start?
Update Ubuntu 10.04
Headless linux install
What is ECC ram and why is it better?
Is it possible to setup a virtual machine inside another virtual machine
Create an AWS HVM Linux AMI from an Existing Paravirtual Linux AMI
Which is better: RAID5 + 1 Hotspare / RAID6? [closed]
How do I get SELinux to allow Apache and Samba on the same folder?
Can nginx location blocks match a URL query string?
Using ICACLS to set permissions on user directories
How to put desired umask with SFTP?
What kind of mail server do you use?