How to Find inactive users/computers in AD and disable/delete them

Active Directory admins are well aware of the security threat posed by inactive users/computers in Active Directory. When AD accounts have not been used for a long time, we need to either disable or delete them. Organizations with a structured approach have a proper policy for account disabling followed by deletion timelines.

We will use the commands below in this article to achieve the goal:

Dsquery: This command queries AD objects according to the switches passed to it.

Dsmod: This command will modify the properties of the object.

Dsrm: This command will remove the object from the AD.

 

Syntax of dsquery command is:

Dsquery <object type> -inactive <number of weeks> -limit <number of objects>

Example: dsquery computer -inactive 8 -limit 500

Dsquery user -inactive 8 -limit 500

 

Syntax of dsmod command is:

Dsmod <object type> <object Distinguished name (DN)> -disabled {yes | no}

 

Syntax of dsrm command is:

Dsrm <object Distinguished name (DN)>

 

Please find below the steps to perform the stale object search:

Note: Run these commands on a domain controller or a computer with RSAT installed

 

Step 1: Open a command prompt as administrator

 

 

Step 2: Find stale users/computers using the commands below:

For user: dsquery user -inactive 8 -limit 100

For computers: dsquery computer -inactive 8 -limit 100

 

Step 3: Disable inactive users/computers:

To disable inactive users/computers, use the commands below:

For User: dsquery user -inactive 8 | dsmod user -disabled yes

For Computer: dsquery computer -inactive 8 | dsmod computer -disabled yes

 

Step 4: To delete inactive/disabled users/computers

For user: dsquery user -inactive 8 | dsrm -noprompt

Dsquery user -disabled | dsrm -noprompt

For computer: dsquery computer -inactive 8 | dsrm -noprompt

Dsquery computer -disabled | dsrm -noprompt

 

By following the above commands you will be able to clean up the stale objects in AD. This will remove the possibility of security threats due to stale objects. This can also be achieved with PowerShell scripts and third-party tools.
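
The same disable-then-delete procedure for user accounts in PowerShell, as an added example that is not from the original article. It goes a little beyond the dsquery steps: it writes the candidate list to a file for review, skips new and service accounts, and deletes only accounts that this script itself disabled, whereas `dsquery user -disabled | dsrm -noprompt` removes every disabled account regardless of why it was disabled. The OU, report path, grace period and description stamp are assumptions; every change runs with -WhatIf, which has to be removed before anything is modified.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
# $SearchBase, $ReportPath, $GraceDays and the stamp text are assumptions for illustration.
Import-Module ActiveDirectory

$InactiveDays = 56                              # 8 weeks, same window as "-inactive 8"
$GraceDays    = 30                              # assumed wait between disable and delete
$SearchBase   = 'OU=Staff,DC=example,DC=com'    # hypothetical OU that scopes the sweep
$ReportPath   = '.\stale-users.csv'             # hypothetical review file
$Prefix       = 'Disabled as stale on '
$cutoff       = (Get-Date).AddDays(-$InactiveDays)

# Pass 1: enabled users with no logon inside the window.
$stale = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) `
            -UsersOnly -SearchBase $SearchBase |
    Where-Object { $_.Enabled } |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName `
                        -Properties LastLogonDate, whenCreated, servicePrincipalName } |
    Where-Object {
        # Skip accounts created inside the window (they may simply not have logged on yet)
        # and accounts that carry an SPN, which are normally service accounts.
        $_.whenCreated -lt $cutoff -and -not $_.servicePrincipalName
    }

# Keep a reviewable record before anything changes.
$stale | Select-Object SamAccountName, DistinguishedName, LastLogonDate, whenCreated |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Disable and stamp (this overwrites any existing Description).
# -WhatIf prints the action without performing it.
foreach ($u in $stale) {
    Set-ADUser -Identity $u -Description ($Prefix + (Get-Date -Format 'yyyy-MM-dd')) -WhatIf
    Disable-ADAccount -Identity $u -WhatIf
}

# Pass 2: delete only accounts this script disabled, once the grace period has passed.
Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $SearchBase -Properties Description |
    Where-Object { $_.Description -like "$Prefix*" } |
    Where-Object {
        $when = [datetime]::ParseExact($_.Description.Substring($Prefix.Length),
                                       'yyyy-MM-dd', [cultureinfo]::InvariantCulture)
        $when -lt (Get-Date).AddDays(-$GraceDays)
    } |
    Remove-ADUser -WhatIf
```

For computer accounts the same pattern applies with `-ComputersOnly`, `Get-ADComputer`, `Set-ADComputer` and `Remove-ADComputer`.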