Bill Detwiler shows you how to find stale AD computer accounts using dsquery and suggest ways to handle the ones you uncover.
Over time, stale computer accounts can accumulate in Active Directory. And whether they're old employee machines that are no longer used or servers that you've retired, letting these accounts sit around in Active Directory can not only clutter up your OUs but also create a security hole.
Removing old, unused computer accounts should be on every Windows admin's Active Directory housekeeping list. During this week's episode of TR Dojo, I show you how to identify potentially stale computer accounts with dsquery and show you how to handle the ones you find.
Check out the following TR Dojo episodes for more Active Directory tips:
- Five Active Directory design best practices
- Five things you should know before cleaning out your Active Directory Database
- Three PowerShell scripts for managing users in Active Directory Domain Services
- Simplify admin tasks by exporting Active Directory data with csvde
For those who prefer text to video, click the View Transcript link below the video player window or check out Rick Vanover's article, "Identify stale Active Directory computer accounts with dsquery," on which this video is based.
You can also sign up to receive the latest TR Dojo lessons through one or more of the following methods: