Why not delete to active directory on dis-join computer

If you not delete to disjoin computer, your active directory manage to hard.

because, active directory all manage plan start computer. GPO, OU, even replication

User is you can manage, but computer is so hard. if your company is big, then more hard to manage.

So, i give you some tip. this tip is computer find last active day.

Solution 1

dsquery is find “ntds”  in there we will scan not active computer.

-inactive option uses the LastLogonTimeStamp

dsquery computer -inactive 90

But this  command is little loose,  not updated every time a computer logs on to other domain controllers so, your data quality  little be not good.

Solution 2(Recommend)

Use to Powershell, this data quality is good, this command collect to other domain controllers.

$time = [DateTime]::Now.AddDays(-90)
$date = get-date ($time) -UFormat %d.%m.%y
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp | select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}


And if you want to automatic delete to old computer use to dsrm

dsrm very simpley

dsquery computer -inactive 4 | dsrm -noprompt

in powershell use this.

$time = [DateTime]::Now.AddDays(-90)
$date = get-date ($time) -UFormat %d.%m.%y
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp | select-object DistinguishedName | dsrm -noprompt

Good Luck

Facebook Comments

Leave A Reply

Detection ADBlockPlease, Disable or add to white list on our site.