1. Clean up user accounts
-
Download AD Tidy: https://www.cjwdev.com/Software/ADTidy/Download.html
-
Run: “C:\Program Files\Cjwdev\AD Tidy Free Edition\ADTidy.exe”
-
Click on the Users icon >> Set Credentials to domain administrator >> click Start >> click Export >> Export to CSV File >> click on Desktop >> File name = accounts >> Save as type = CSV >> click Save
-
Open accounts.csv using Excel and consult administrators (HR and department managers) for confirmation of inactive accounts
-
Run Active Directory Users and Computer (dsa.msc) as Administrator on a Domain Controller >> Search and move the identified accounts into the Disabled Accounts OU >> select Disabled Accounts OU >> select all, right-click >> click Disable Account
-
Run: “C:\Program Files (x86)\SystemTools\DUMPSEC.exe” to generate an updated list of account statuses
-
Delete accounts in the Disabled Accounts OU after 1 year of being disabled
2. Clean up computer accounts
-
Download AD Tidy: https://www.cjwdev.com/Software/ADTidy/Download.html
-
Run: “C:\Program Files\Cjwdev\AD Tidy Free Edition\ADTidy.exe”
-
Click on the Computers icon >> Set Credentials to domain administrator >> click Start >> click Export >> Export to CSV File >> click on Desktop >> File name = computers >> Save as type = CSV >> click Save
-
Open computers.csv using Excel >> edit the sheet to make it easier to view >> send file to system manager(s) for review
-
Move computer accounts to Disabled Accounts folder and disable them
-
Delete accounts in the Disabled Accounts OU after 1 year of being disabled
Categories: