Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Active directory cleanup

  • Filter
  • Time
  • Show
Clear All
new posts

  • Active directory cleanup

    Hi there,
    I'm looking to clean up some stale computer objects in active directory.
    I'm looking to identify those objects which have been stale for roughly a year and have no description.

    When their identified we'll disable them and most likely move them to another OU with a description saying when they were disabled.

    dsquery computer "[Valid OU]" -name * -desc “” -stalepwd 365 -limit 300

    I can't seem to find anything that will return the objects that DON'T have a description without a fairly complicated VB script or another (non microsoft) tool.

    Is there an easy solution?
    If not, do you have a working script which we can adapt?

    Thanks in advance for your time and help guys!

  • #2
    Re: Active directory cleanup

    You can try this command

    for /f "Tokens=*" %a in ('dsquery computer -stalepwd 365 -limit 0') do DSMOVE %a -newparent "ou=disabled computers,dc=domain,dc=com">>stalecomputer_result. txt

    this will move all computers that stale for a year then move the stale computers to this ou=disabled computers,dc=domain,dc=com.

    Hope it helps!
    Last edited by totoy bato; 24th April 2009, 04:02.


    • #3
      Re: Active directory cleanup

      Very nice bit of code!
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **