Options
AD Maint
staggerlee
Member Posts: 90 ■■□□□□□□□□
in Off-Topic
Hi all,
Currently looking at cleaning up our AD as we have a lot of users and computers that are no longer in play but still exist in AD.
What do you all do for general maintenance in AD for clearing out old users/computers.
What i was thinking is
a: Run a task that will find Computers and Users that have not logged in for x weeks. (easy in DSQuery)
b: auto disable/add to a group or move to a new OU (again easy using DSxx)
c: for users auto email there manager in there AD attribute informing them the user has been disabled and can it be deleted. (not sure how i would do this)
d: for computers leave disabled (we have a few laptops that are largely used offsite which cause a problem for this one. )
-
How i can get the email to auto send out im not sure, thinking of using SQL to get all the data/clean it up and using SQLMail. Also thought it could be a cool way to learn and play with Powershell, as im sure it could all be done via that.
what do you guys do for these tasks?
Cheers
S
Currently looking at cleaning up our AD as we have a lot of users and computers that are no longer in play but still exist in AD.
What do you all do for general maintenance in AD for clearing out old users/computers.
What i was thinking is
a: Run a task that will find Computers and Users that have not logged in for x weeks. (easy in DSQuery)
b: auto disable/add to a group or move to a new OU (again easy using DSxx)
c: for users auto email there manager in there AD attribute informing them the user has been disabled and can it be deleted. (not sure how i would do this)
d: for computers leave disabled (we have a few laptops that are largely used offsite which cause a problem for this one. )
-
How i can get the email to auto send out im not sure, thinking of using SQL to get all the data/clean it up and using SQLMail. Also thought it could be a cool way to learn and play with Powershell, as im sure it could all be done via that.
what do you guys do for these tasks?
Cheers
S
Comments
-
Options
mikedisd2
Member Posts: 1,096 ■■■■■□□□□□
It depends on how big your organisation is. If it's a small business, I'd probably just go through it manually. Either case get HR involved. Query for the usused user accounts and send to HR to see what is still valid.
And of course submit any recommendations of deletion for approval.
For computers, may have to do a thorough audit to see who has what. Or maybe disable and see who complains.
Cleanups aren't usually quick and easy. -
Optionsstaggerlee
Member Posts: 90 ■■□□□□□□□□
Hi Mike,
yeah users seems pretty straight forward (as in easy to confirm they are still here or not)
computers seems to be the main problem.. we are constantly rolling out new kit over the year as our helpdesk team (2 poeple) does all the new installs to ease pressure on them and the guys sometimes forget to remove the old stuff from AD.
We have 8xx computers in AD now but DSquery is brining up 200 inactive computers for 52 weeks! that would bring it to the sort of number i would expect.
Mike do you do any regular maintenance work on AD accounts?