• Post category:Windows
  • Post published:12/04/2021
  • Post last modified:12/04/2021

Over time, a lot of old and unnecessary information accumulates in Active Directory, which periodically needs to be deleted.

The task at hand: clear a specific OU in Active Directory of PC accounts that have not been used for more than 120 days.

For mass operations in AD I prefer the dsquery utility, and as the measure of how long an account has been unused I take the time since the computer's last password change in the domain.

To select all PCs in a specific OU that have been inactive for at least 120 days, I use the following command:

dsquery computer "ou=Computers,ou=Moskow,dc=corp,dc=winitpro,dc=en" -stalepwd 120 -limit 10000 > c:\12.txt

Parameters:

-stalepwd 120 – select PCs whose domain password has not been changed for at least 120 days

-limit 10000 – the maximum number of PC records to return (10,000)

> c:\12.txt – redirect the output of the command to the file c:\12.txt

To remove the PC accounts that were found, pipe the same query to the dsrm command:

dsquery computer "ou=Computers,ou=Moskow,dc=corp,dc=winitpro,dc=en" -stalepwd 120 -limit 10000 | dsrm

PS: The dsquery utility is part of the Windows Server 2003 Support Tools package (Adminpak.msi).
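The same cleanup as a staged report, disable, then delete workflow in PowerShell. This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, reuses the OU from the commands above, and the report path C:\stale-computers.csv is a placeholder.

```powershell
# Added example: staged cleanup of stale computer accounts (report -> disable -> delete).
# Assumptions: ActiveDirectory module available; $ReportPath is a placeholder path.
Import-Module ActiveDirectory

$SearchBase = 'ou=Computers,ou=Moskow,dc=corp,dc=winitpro,dc=en'   # OU from the post
$StaleDays  = 120
$Cutoff     = (Get-Date).AddDays(-$StaleDays)
$ReportPath = 'C:\stale-computers.csv'

# Same criterion as "dsquery computer ... -stalepwd 120": the machine password
# has not been changed for at least 120 days. LastLogonDate is pulled as a
# second signal so a reviewer can spot machines that still log on.
$stale = Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree `
            -Filter 'PasswordLastSet -lt $Cutoff' `
            -Properties PasswordLastSet, LastLogonDate, OperatingSystem |
         Select-Object Name, DistinguishedName, Enabled, OperatingSystem,
                       PasswordLastSet, LastLogonDate

# Step 1: write the candidate list to a file and review it before changing anything.
$stale | Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8
'{0} stale computer accounts written to {1}' -f @($stale).Count, $ReportPath

# Step 2: disable instead of deleting. A disabled account can be re-enabled
# if the machine turns out to be in use; a deleted one has to be rejoined.
# -WhatIf only prints the planned change; remove it once the CSV is reviewed.
foreach ($computer in $stale | Where-Object { $_.Enabled }) {
    Set-ADComputer -Identity $computer.DistinguishedName -Enabled $false -WhatIf
}

# Step 3 (run after a grace period): delete only accounts that are still
# disabled and still stale. Again, -WhatIf keeps this a dry run.
Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree `
        -Filter 'Enabled -eq $false -and PasswordLastSet -lt $Cutoff' |
    Remove-ADComputer -Confirm:$false -WhatIf
```

Remove-ADComputer fails on computer objects that have child objects (for example stored BitLocker recovery information); those need to be handled separately.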
