This is work related and I'm sorry for that but this is best place I know of to get the best answers fast. At work we have several inactive computer accounts in our domain. I'm looking for a tool to run through or against our Active Directory that will identify and remove these computer accounts that are inactive. Please let me know if you know of a script that does something like this. Thanks!
Script for clearing inactive PC accounts?
- Thread starter Hermskii
- Start date
- Oct 30, 2000
- 42,589
- 5
- 0
I was hoping the script or whatever tool we use can be modified to look at usage or some other data like that and then react based on that. I have scripts now that go into folders and determine how old certain types of files are and then it nukes all of the files that are now to old based on settings we can modify within the script. It has nothing to do with A.D. though.
This has to be an issue everywhere I'd think. Say I add a PC to the domain and name it after a user. Then a year later, that employee quits and I'm told to reimage the machine and redeploy it out to a new users in the domain. Fine. I do that and when I reimage the machine and deploy it I have to add that machine back into the domain again. Now A.D. sees the old account and the new one. I need to make all of the old ones go away. I was hoping the script could be set to determine if the account hasn't logged in during the last year for instance that it be removed.
This has to be an issue everywhere I'd think. Say I add a PC to the domain and name it after a user. Then a year later, that employee quits and I'm told to reimage the machine and redeploy it out to a new users in the domain. Fine. I do that and when I reimage the machine and deploy it I have to add that machine back into the domain again. Now A.D. sees the old account and the new one. I need to make all of the old ones go away. I was hoping the script could be set to determine if the account hasn't logged in during the last year for instance that it be removed.
Nothinman
Elite Member
- Sep 14, 2001
- 30,672
- 0
- 0
Are you talking about the user/computer accounts in AD or the local profile directories? If it's the former, I don't think people care about them too much. Just make sure to disable the user account when they leave and be done with it. No one knows the computer account password so keeping around old ones isn't a security risk, it's just kind of ugly if you've got a lot of older computer accounts lying around.
If you're talking about profiles and you reimaged the machine there won't be any older profiles there to worry about.
If you're talking about profiles and you reimaged the machine there won't be any older profiles there to worry about.
If you add it back to the domain there isnt an old computer account and a new one. The trust relationship gets set to the new computer.
Nothinman
Elite Member
- Sep 14, 2001
- 30,672
- 0
- 0
Unless you rename it, I've seen a lot of places that use <username>-desktop, etc for their computer names so when a new user gets the machine it gets renamed.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter