AD Pro Toolkit / AD Cleanup Tool

Active Directory Cleanup Tool

The Active Directory Cleanup Tool will quickly identify stale and inactive users and computers in your Active Directory Domain. Inactive objects in Active Directory can provide unauthorized access to sensitive data and resources. If these accounts are not properly managed or disabled, they can be used by a malicious actor to breach your network and data. The AD Pro Cleanup Tool makes it easy to find stale objects in your domain and take actions such as disabling or removing the accounts.

Download Free Trial Schedule Demo
YouTube video

Features:

  • Find inactive user and computers
  • Easily find stale user accounts
  • Get expired, disabled and users with no logons
  • Bulk move and disable accounts
  • Find empty security groups
  • Find users that have not logged on within x number of days
  • Export reports to CSV, Excel or PDF
  • Delete inactive accounts

Requirements:

  • You will need permission to move and disable objects in Active Directory.

How to Use the AD Cleanup Tool

To find inactive user accounts follow the steps below.

  1. Click on security tools > AD Cleanup Tool.
  2. Select an OU or leave it as the default to run on the entire domain.
  3. Select the time frame (default is last 90 days) and click run.
active directory cleanup inactive users

To export the report, click the export button and select from CSV, Excel or PDF.

export inactive users

To move accounts to another OU select them from the results grid and click the move button.

To disable accounts, select them from the results grid and click the disable button.

Find Disabled Users

To find all disabled users click the “disabled users” box and click run.

Users with No Logons

Users with no logons are accounts that have no date in the lastlogonTimestamp attribute.

Click on “users with no logons” and click run.

Expired Users

Expired accounts are accounts that have a date set under the account expires settings.

To find all expired users click the “expired users” box and click run.

Find Inactive Computers

To find inactive computers click the “Inactive Computers” box select the time range and click run.

Find Empty Groups

Empty groups are groups that have no members.

To find all empty groups click the “empty groups” box and click run.

Move or Disable Stale User and Computer Accounts

The AD Cleanup Tool lets you move and disable stale accounts. You can easily run a clean up on single or multiple accounts in Active Directory. The recommended way to clean up stale accounts is to move them to an inactive OU, disable them for x days and then delete the account.

Cleanup Group Policy Objects

Just like user and computer accounts, there can be stale or unused GPOs in your environment. These unused or disabled GPOs can make a mess of your AD and cause confusion with other Administrators. The AD Pro Toolkit provides GPO reports and makes it easy to find unused GPOs.

To find unused GPOs click on Group Policy Report -> All GPOs

Any GPO that is not used will have the location blank. This means the GPO is not linked to the domain or an OU so it is currently not in use.

Related Tools: