Over time, stale computer accounts can accumulate in Active Directory. And whether they're old employee machines that are no longer used or servers that you've retired, letting these accounts sit around in Active Directory can not only clutter up your OUs but also create a security hole.
Removing old, unused computer accounts should be on every Windows admin's Active Directory housekeeping list. During this week's episode of TR Dojo, I show you how to identify potentially stale computer accounts with dsquery and show you how to handle the ones you find.
Check out the following TR Dojo episodes for more Active Directory tips:
- Five Active Directory design best practices
- Five things you should know before cleaning out your Active Directory Database
- Three PowerShell scripts for managing users in Active Directory Domain Services
- Simplify admin tasks by exporting Active Directory data with csvde
For those who prefer text to video, click the View Transcript link below the video player window or check out Rick Vanover's article, "Identify stale Active Directory computer accounts with dsquery," on which this video is based.
You can also sign up to receive the latest TR Dojo lessons through one or more of the following methods:
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. He was most recently Managing Editor for TechRepublic Pro. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.