In an organization with large Active Directory (AD) database, it is a daunting task to manage the Directory Services and keep it clean from inactive or old computers account. By using the DSQUERY command, you can query AD for old computers account based on the specific time frame since it last reported to AD and remove them.
An example of using DSQUERY to do such task is:
dsquery computer -inactive 12 -limit 0
The output result would be a list of computers that have not reported to AD for the last 3 months or 12 weeks. You can then review the list and verify that those machines are no longer on your network and remove the accounts as appropriate.
Should you want to remove everything from the list then use the following command:
dsquery computer -inactive 8 -limit 0 | dsrm -noprompt
The dsrm -nopromt will delete all the reported objects that was piped to it from dsquery without prompting you.
The DSQUERY utility comes with the Windows 2003 Support Tools and I believe that it come as a default with the version of Windows 2008
DISCLAIMER: Please use this at your own risk. The aim of this article is to help you maintain your network. It is your responsibility to verify and confirm anything that you delete from your environment are neccessary.
Zero Day IT - Peter V Nguyen 