Tuesday, June 21, 2011

Search and Remove Inactive Computer From Active Directory

SCCM Active Directory System Discovery discovers every computer in your AD, including inactive ones. To have a clean collection, you need a clean Active Directory. We can query Active Directory for computers that have been inactive for a certain period of time and then remove them. Run the following command in a command prompt on the domain controller.

dsquery computer -inactive 8 | dsrm -subtree -noprompt

The command above searches for computers that have been inactive for 8 weeks and then deletes them from Active Directory. You can change the number of weeks according to your needs.

You can also write the list of inactive computers to a .txt or .csv file with the following command.

dsquery computer -inactive 8 > c:\output.csv
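
A more cautious form of the cleanup above, as an added example (not from the original post): a PowerShell script that writes the preview report first, then disables stale computer accounts and moves them into a quarantine OU rather than deleting them. It assumes the ActiveDirectory module (RSAT) is installed; the OU distinguished name, the parameter names and the default report path are placeholders.

```powershell
# Added example: quarantine stale computer accounts instead of deleting them.
# Run with -WhatIf first to see what would change without touching AD.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$InactiveWeeks = 8,
    [string]$QuarantineOU = 'OU=Quarantine,DC=example,DC=com',  # placeholder OU
    [string]$ReportPath = 'C:\output.csv'
)

Import-Module ActiveDirectory

# lastLogonTimestamp is replicated to every DC, but by default it is only
# refreshed every 9-14 days, so that lag is added to the threshold.
$cutoff = (Get-Date).AddDays(-7 * $InactiveWeeks - 14)
$filter = 'Enabled -eq $true -and lastLogonTimestamp -lt {0}' -f $cutoff.ToFileTimeUtc()

# Accounts that have never logged on have no lastLogonTimestamp and are not
# matched by this filter; review those separately.
$stale = Get-ADComputer -Filter $filter -Properties lastLogonTimestamp |
    Where-Object { $_.DistinguishedName -notlike "*,$QuarantineOU" }

# Step 1: write the preview list so it can be reviewed before anything changes.
$stale |
    Select-Object Name, DistinguishedName,
        @{ n = 'LastLogonUtc'; e = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Step 2: disable and move each account; the original DN is kept in the
# description so the account can be re-enabled and moved back if needed.
foreach ($computer in $stale) {
    $dn = $computer.DistinguishedName
    if ($PSCmdlet.ShouldProcess($dn, 'Disable and move to quarantine OU')) {
        $note = 'Quarantined {0:yyyy-MM-dd} from {1}' -f (Get-Date), $dn
        Set-ADComputer -Identity $dn -Enabled $false -Description $note
        Move-ADObject -Identity $dn -TargetPath $QuarantineOU
    }
}

Write-Output ('{0} stale computer account(s) listed in {1}' -f @($stale).Count, $ReportPath)
```

Accounts that stay in the quarantine OU untouched for the agreed period can then be deleted in a separate, reviewed step.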

6 comments:

  1. Very dangerous command and potentially having disastrous effects.

    lastLogon is not replicated between DCs if you're not aware of it.

    What this can lead to you can work out yourself.

  2. What if the administrator analyses those computers before they delete the computer accounts? They can also set those PCs as disabled before they delete them...

    Btw, thanks Adrian.

  3. Yes that will make sense i.e. to quarantine them for a period of time. We usually disable and move them to a designated OU for at least a month after which objects get deleted - much safer :)

  4. Thanks for the sharing... =)

  5. dsquery computer -inactive 52 -limit 0 > inactivecomputers.txt

    Much Safer if you want to preview the list first.

  6. Thanks for sharing your valuable information about dsquery, which allows you to search for and remove inactive computers from an Active Directory environment. I also found a good Active Directory cleanup tool at http://activedirectorycleanup.hatenablog.com . This tool helps to find inactive user accounts and manage inactive accounts through automated actions like delete, reset password, disable, and move inactive account to another OU, and it shows the list of inactive users, disabled users, locked out users, and inactive and disabled computers. It generates comprehensive reports which are based on inactive accounts, never logged on users and real last logon information of accounts.
