Every windows admin is faced with Users and Computers clean up. Task is not so complicated but it takes some time if done manually.
Let’s start with the basics. Why would you clean up AD users and computers from time to time? It’s because HR may not provide the latest info on active employee list.
If employees are not with the company, active user accounts can be exploited and provide a security risk. Another reason which applies to both, users and computers is:
- Licensing
If you have un-active computers and users present in Active Directory you may be using unnecessary licences. Some programs are licensed on AD users or computer count. So if you have unnecessary users / computers you may be overpaying for your maintenance agreement.
Is there a way to celan up AD Users and Computers easier? Yes, most certainly it is. Clean up AD Users and Computers with AD Tidy – the easy way.
AD Tidy is a very simple utility. UI is simple and modern, your eyes won’t get hurt looking at the app.
Did I mention that app is free? Well, it’s free, but they are have a commercial version with more features.
You can check entire domain or you can check OU only, you can search for Users or Computers. By default you can check for last logon date and then make a sort to see date of logons.
Also by clicking on the object with right mouse button, you can action on the object, you can: delete, disable, move, remove from group / groups, set password, expiry date…
What is also good is that you choose which columns it will show, for example, last logon DC, Last logon date, parent container… Thinking about it now, it may not make sense, but usually when you work on a clean up you come up with some conditions and it’s good to know that AD Tidy has your back.
It supports multi domains which is really great if you just acquired a company and began integrating domains. It also uses a little trick which can save you some time, you can ping test to see if computer is turned on and even DNS record time stamp check.
If you are doing a check up manually, you would ping every computer and see it’s turned on, or if has IP assigned to it.
AD Tidy is available in 2 versions, one is free, the other commercial. One of the Commercial advantages is that you can automate tasks, for example, you want that all accounts that were not logged on for 90 days are disabled and moved to container but accounts that have not been logged on to for 200 days get deleted.
No problem. You can download fine utility from HERE.
If you are looking for an alternative, you can check Lepide AD cleaner
Napsat komentář