Over time, a lot of old and unnecessary information accumulates in Active Directory, which periodically needs to be deleted.

The task arose: to clear a specific OU in Active Directory from PC accounts that have not been used for more than 120 days.

As a utility for conducting mass operations with AD, I prefer to use dsquery, and as a parameter that determines the time during which the account was not used – the time since the last password change of the computer in the domain.

To sample all inactive (at least 120 days) PCs in a specific OU, I use the following command:

dsquery computer “ou = Computers, ou = Moskow, dc = corp, dc = winitpro, dc = en” -stalepwd 120 -limit 10000> c: \ 12.txt

Parameters: —stalepwd 120 is the time since the last password change of the PC in the domain,

limit 10000 – limit the number of PC records to display. 10,000

c: \ 12.txt – redirect the output of the command to the file c: \ 12.txt

And to remove the found PC accounts, you need to use the dsrm command:

dsquery computer “ou = Computers, ou = Moskow, dc = corp, dc = winitpro, dc = en” -stalepwd 120 -limit 10000 | dsrm

PS: dsquery utility is part of the Windows Server 2003 Support Tools package (Adminpak.msi)

See also : 

Error 0x80070091: Folder is not empty

Error 0x80242006 update in Windows 10

 

 

If you liked this post share this post with your friends and support us :)