Active Directory Cleanup Tool

Leaving stale and expired accounts in Active Directory is a security risk. This tool quickly finds old accounts and allows you to bulk disable, delete, and more.

Find inactive user and computer accounts

Find expired accounts

Bulk disable or moved

Find empty groups



Find inactive user accounts

You will be surprised to see how many Active Directory accounts are unused. Use this tool to quickly find those stale accounts and disable or move them. You can change the search to find the last logon for any number of days, for example, 30.

Bulk Move Accounts

A safe first step to cleaning up inactive accounts is to move them to another organizational unit. The Active Directory cleanup tool makes this easy. Just select the OU and all the identified inactive accounts will be moved.

Empty groups

Find all Active Directory groups that have no members. This is a task most administrators don’t think to do because it’s hard to do unless you have the right tools.

Find expired user accounts

Administrators will often set accounts to expire. But do they come back and delete the account? Most often these accounts are forgotten and hard to find. The Active Directory cleanup tool makes it easy to find all accounts that have expired.

List all disabled accounts

Just like inactive accounts, disabled accounts can build up over time leaving Active Directory with unnecessary accounts. This can show up on audits, reports and add security risks.

Users that have never logged on

This one will also surprise you. Why would there be accounts that have never been used? There could be a number of reasons but they need to be found and determined if they can be disabled or removed.