Windows optimize

Find unused computer accounts in Active Directory with dsquery

Bill Detwiler shows you how to find stale AD computer accounts using dsquery and suggest ways to handle the ones you uncover.

Over time, stale computer accounts can accumulate in Active Directory. And whether they're old employee machines that are no longer used or servers that you've retired, letting these accounts sit around in Active Directory can not only clutter up your OUs but also create a security hole.

Removing old, unused computer accounts should be on every Windows admin's Active Directory housekeeping list. During this week's episode of TR Dojo, I show you how to identify potentially stale computer accounts with dsquery and show you how to handle the ones you find.

Check out the following TR Dojo episodes for more Active Directory tips:

For those who prefer text to video, click the View Transcript link below the video player window or check out Rick Vanover's article, "Identify stale Active Directory computer accounts with dsquery," on which this video is based.

You can also sign up to receive the latest TR Dojo lessons through one or more of the following methods:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

5 comments
rgnambiar
rgnambiar

Hi, I am not able to delete the stale computer from my domain by using the below dsquery command. dsquery computer –inactive 468 | dsrm –noprompt Please help me out in deleting the stale computer

albayaaabc
albayaaabc

so mazing toll on ms dos but we need to see more application on it for windows7 hope anice day Mr.

user support
user support

Thanks for the blog. Unfortunately, we are still on Windows XP so I got the follwing message C:\>dsquery computer -inactive 8 dsquery failed:`8' is an unknown parameter. type dsquery /? for help. C:\> C:\>disquery /? 'disquery' is not recognized as an internal or external command, operable program or batch file. Most IT employees in our shop used to find dormant accounts by accident. Scans for dormant accounts and machines were done on an intermittant basis using Hyena software. Today, dormant accounts are minimal, only occurring when temp employees leave unexpectedly. Our remote users have security software that requires them to connect to the network once a week or be locked out.