{"id":983,"date":"2013-01-18T02:57:20","date_gmt":"2013-01-18T02:57:20","guid":{"rendered":"http:\/\/pariswells.com\/blog\/?p=983"},"modified":"2023-06-12T14:35:52","modified_gmt":"2023-06-12T14:35:52","slug":"find-old-computer-and-user-accounts-in-active-directory-through-dsquery","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/random\/find-old-computer-and-user-accounts-in-active-directory-through-dsquery","title":{"rendered":"Find Old Inactive or Active Computer and User Accounts in Active Directory through DSQuery\/Powershell"},"content":{"rendered":"\n

Azure AD -> https:\/\/pariswells.com\/blog\/research\/find-old-inactive-computerdevices-and-user-accounts-in-azure-active-directory<\/a><\/p>\n\n\n

\n
\"ADUsers&Comps\"<\/figure>\n<\/div>\n\n\n

**SolarWinds make a free tool GUI for this : http:\/\/downloads.solarwinds.com\/solarwinds\/Release\/FreeTool\/SolarWinds-Freetools-MS-Mini-Utilities.zip<\/a><\/p>\n\n\n\n

*****More AD Cleaup Tools<\/p>\n\n\n\n

http:\/\/www.adaxes.com\/blog\/cleanup-active-directory-with-powershell.html<\/a><\/p>\n\n\n\n

You can run these commands in a command prompt on any DC or PC With Active Directory Tools installed<\/p>\n\n\n\n

Time Perioud = Weeks so for example let’s work with 6<\/p>\n\n\n\n

How to find the CN or OU Path<\/strong><\/p>\n\n\n\n

Open Active Directory Users and Compuer , Click on View and Advanced Features<\/strong><\/p>\n\n\n\n

Find the OU you need to reference and Click on Properties<\/strong>, Attribute Editor<\/strong> Tab and Copy the distinguishedName <\/strong><\/p>\n\n\n\n

Inactive On Prem AD Computer Accounts<\/h2>\n\n\n\n

Find Old Disabled or Enabled Computer accounts across the whole domain older than 6 weeks<\/strong><\/p>\n\n\n\n

dsquery computer -inactive 6 -limit 0<\/em><\/code><\/pre>\n\n\n\n
Powershell Find Only Enabled Computer inactive for 3 Months <\/strong><\/p>\n\n\n\n
Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan \"90\" | ?{$_.enabled -eq $True}<\/code><\/pre>\n\n\n\n
Find computer accounts old than 6 weeks and disable<\/strong><\/p>\n\n\n\n
dsquery computer -inactive 6 -limit 0 | dsmod computer -disabled yes<\/code><\/pre>\n\n\n\n
Find Old Computers in a Group CN e.g. if the Icon Looks like this : <\/strong><\/p>\n\n\n\n
dsquery computer -inactive 6 -limit 0 CN=Computers,DC=domain,DC=local (Add to stop it going further then the current folder) -scope onelevel<\/code><\/pre>\n\n\n\n
Find Old Computers in <\/strong>a Operation Unit OU e.g. if the Icon Looks like this : <\/strong><\/p>\n\n\n\n
dsquery computer -inactive 6 -limit 0 OU=Clients,DC=domain,DC=local (Add to stop it going further then the current folder) -scope onelevel<\/code><\/pre>\n\n\n\n
Query THEN DELETE computer objects which have been inactive for 8 weeks in a specific OU and name starts with PCNAME<\/strong><\/p>\n\n\n\n
dsquery computer \"OU=Computers,OU=OUNAME,DC=domain,DC=local\" -inactive 8 -name PCNAME* | dsrm -noprompt<\/code><\/pre>\n\n\n\n
Inactive On Prem AD User Accounts<\/h2>\n\n\n\n
Find Old Disable or Enabled User accounts across the whole domain older than 6 weeks<\/strong><\/p>\n\n\n\n
dsquery user domainroot -name * -inactive 6<\/code><\/pre>\n\n\n\n
Powershell Find Only Enabled User inactive for 3 Months <\/strong><\/p>\n\n\n\n
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan \"90\" | ?{$_.enabled -eq $True}<\/code><\/pre>\n\n\n\n
Exchange Active User accounts<\/strong><\/p>\n\n\n\n
(Get-MailboxStatistics -Server <exchangeservername> | where {$_.LastLogonTime -gt ((get-date).AddDays(-60))}).count<\/code><\/pre>\n\n\n\n
Find Old User accounts across the whole domain older than 6 weeks and disable <\/strong><\/p>\n\n\n\n
dsquery user domainroot -name * -inactive 6 | dsmod user -disabled yes<\/code><\/pre>\n\n\n\n
Active User Accounts<\/h3>\n\n\n\n
Get-ADUser \u2013filter * -Properties passwordLastSet,whencreated,lastlogondate,Enabled,PasswordNeverExpires | Where { ($_.passwordLastSet \u2013eq $null \u2013or $_.lastlogondate \u2013gt (Get-Date).AddDays(-30)) -and ($_.Name -notlike \"*svc*\" -and $_.Name -notlike \"*Admin*\" -and $_.Name -notlike \"*test*\" -and $_.Name -notlike \"*huonit*\" -and $_.Name -notlike \"*Room*\" -notlike \"*Mailbox*\" -notlike \"*Exchange*\" -notlike \"*Service*\" -notlike \"*Helpdesk*\") }| Select Name<\/code><\/pre>\n\n\n\n
User accounts with Passwords set to never expire<\/h3>\n\n\n\n
get-aduser -filter * -properties Name, PasswordNeverExpires | where {\n$_.passwordNeverExpires -eq \"true\" }<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Azure AD -> https:\/\/pariswells.com\/blog\/research\/find-old-inactive-computerdevices-and-user-accounts-in-azure-active-directory **SolarWinds make a free tool GUI for this : http:\/\/downloads.solarwinds.com\/solarwinds\/Release\/FreeTool\/SolarWinds-Freetools-MS-Mini-Utilities.zip *****More AD Cleaup Tools http:\/\/www.adaxes.com\/blog\/cleanup-active-directory-with-powershell.html You can run these commands in a command prompt […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[1395,1394,750,1303,1950,1949,618,551,2444,2445,1952,2514,1951,576,1953,2446],"class_list":["post-983","post","type-post","status-publish","format-standard","hentry","category-random","tag-account","tag-active","tag-active-directory","tag-disabled","tag-dsquery","tag-dsrm","tag-exchange","tag-find-old-computer-and-user-accounts-in-active-directory-through-dsquery","tag-how-to-query-and-delete-old-computer-objects-from-active-directory","tag-inactive","tag-inactive-computer","tag-msp","tag-old-computer","tag-powershell","tag-purge-computer","tag-user"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=983"}],"version-history":[{"count":17,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/983\/revisions"}],"predecessor-version":[{"id":8261,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/983\/revisions\/8261"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}