Identify stale computer Accounts in Active Directory

The number one challenge for every Sys Admin is to ensure that old computer accounts within Active Directory (such as servers, user PCs or laptops) can be identified and removed. A quick look at the Object tab of a computer account will tell you when the update sequence number (USN) was updated, but not the last time the computer logged into the domain.

There are a couple of ways to identify whether a computer account in Active Directory is stale.

1) Automatically – Setting up a GPO to to automatically identify and remove stale computer accounts  ( Use it on your own bed risk approach because you may experience problems with Remote Systems such as laptops that haven’t showed up for a while in the corporate network ).

2) The Manual way – Using the query-command called “dsquery”. Open CMD prompt or Powershell and hit “dsquery computer -inactive 1” ( 1 stands for the number of weeks, which in your case )

George Markou

My Name is George Markou, IT Pro, Geek and Fancy Gadgets enthusiast. I am focused on Virtualization and Cloud Technologies.

%d bloggers like this: