Active Directory
Cleanup Tool

Leaving stale, expired, and inactive accounts in Active Directory is a security risk. This tool quickly finds old accounts and allows you to bulk disable, delete, and more.

Key Features

Find Inactive Users and Computers

Attackers can use inactive accounts to try and hack into an organization. It is important to find these inactive accounts and disable them on a routine maintenance schedule. This tool can quickly find inactive accounts and lets you take action on them.

Bulk Move Accounts

A safe first step to cleaning up inactive accounts is to move them into another organizational unit. The Active Directory cleanup tool makes this easy. Just select the OU and all the selected accounts will be moved.

Easy To Use, No Scripting Required

This easy-to-use GUI tool required no coding or scripts. This saves you lots of time by not having to update or change complicated scripts.

Find Never Loggon On Users

You might be surprised at how many user accounts have never been used. This tool will easily display all accounts that have no logon activity. Carefully review these accounts and take action on them such as bulk moving to another OU or bulk disabling.

Get All Disabled Accounts

Disabled accounts can build up over time leaving Active Directory with unnecessary accounts. This can show up on audits, reports and add security risks. This also leads to data integrity issues with inventory and licensing.

Empty Groups

Find all Active Directory groups that have no members. This is a task most administrators don’t think to do because it’s hard to do unless you have the right tools.

“Our Active Directory was a huge mess. We used the AD Cleanup tool to find unused computer accounts and disabled them. We started with over 900 computers and found 300+ inactive accounts.”

Brian Stillwell – Sr. System Administrator

How Does it Work?

Here are some ways you can use the AD Cleanup tool to find stale accounts in your domain.

Find Stale User Accounts

To find stale user and computer accounts enter the timeframe in the search options and click run. In this example, I’m searching for accounts that have not been used within 15 days.

By default, the AD Cleanup tool will search for both users and computers. Use the filter options to limit the results to users only or computers only.

Find All Disabled Users

To find all disabled users select “Show Users” and then “Disabled Users” from the filter dropdown and then click “run”.

If you want to include disabled computers click on “Show Computers” and “Disabled Computers”

Bulk Move to Another OU

To find all disabled users select “Show Users” and then “Disabled Users” from the filter dropdown and then click “run”.

If you want to include disabled computers click on “Show Computers” and “Disabled Computers”

Display All Expired Accounts

Expired accounts are accounts that have been set to expire on a specific date. You should review and determine if these are still valid accounts.

To display all expired accounts select “Show Users” and “Expired Users” from the filter menu and click run.

Display All Users Last Logon Time

Add the lastlognTimestamp and lastlong columns to see the last logon times for all users or select users.

This is useful to see when a user last authenticated to your network. Use the built-in filter and sort to display the results as needed.

These reports can be exported to CSV by clicking the Export button.

Find Users with No Logon History

I’m always surprised to find accounts that have no logon history. This is often from new employees that never show up but accounts were created.

From the filters menu select “Show Users” and “Users Without Logon History” and click run.

Try The AD Cleanup Tool For FREE

Join 100,000+ global IT professionals and enjoy efficient, optimized, and intuitive Active Directory management that saves time and makes your job easier.