I have been having a Twitter conversation with Martin Byford-Rew the IT Manager at Thomas Deacon Academy in Peterborough and others about finding stale accounts in active directory, now I do not have that concern as I use an AD tools which runs overnight and creates or archives accounts as pupils, staff and parents arrive at or leave Twynham, but more of that in a later post.
Before we used the current AD tools I also had the same problem with keeping Active Directory tidy and up to date the only way I found before reaching for scripting tools was to use the query tools available in Active Directory so I hope this post helps Martin.
- Open Active Directory users and computers at the top you will see “saved queries”
- Right click Saved Queries and choose new query
- Put a name in the name field I chose “Not Logged On For 30 Days”
- You can choose to query the whole of your directory or just one OU
- Click Define Query
- If you are only interested in finding accounts that have not logged on for a while you get the choice between 30,60,90,120 or 180 days since last logon
We only use these queries now to check out parental accounts for inactivity but a tool that is built in but rarely used. Below you can see the results of the query that we created.
Dave Coleman
Chris McKinley
Blog Comments