Active Directory Cleanup Tool
The Active Directory Cleanup Tool will quickly identify stale and inactive users and computers in your Active Directory Domain.
Find inactive users and computers
Easily identify stale user accounts
Get expired, disabled, and users with no logons
Bulk move and disable accounts
Download Free TrialAll Features:
- Find inactive users and computers
- Find empty security groups
- Get expired and disabled user accounts
- Find users who never logged on
- Find all users with expired passwords
- Export reports to CSV, Excel or PDF
- Bulk move and disable accounts
Requirements:
- You will need permission to move and disable objects in Active Directory.
How to Use the AD Cleanup Tool
Step 1
Click on AD Cleanup from the management tools page.

Step 2
Select the time range and click run. By default, the tool searches inactive users for 90 days based on the lastlogonTimestamp attribute. The entire domain is searched by default. To select an OU or group click the browse or search button.

Step 3
To move accounts to another OU select them from the results grid and click the move button.

Step 4
To disable accounts, select them from the results grid and click the disable button.

Step 5
To export the results to CSV, Excel or PDF click the export button.

Find Disabled Users
To find all disabled users click the “disabled users” box and click run.

Users with No Logons
Users with no logons are accounts that have no date in the lastlogonTimestamp attribute.
Click on “users with no logons” and click run.

Expired Users
Expired accounts are accounts that have a date set under the account expires settings.

To find all expired users click the “expired users” box and click run.

Find Inactive Computers
To find inactive computers click the “Inactive Computers” box select the time range and click run.

Find Empty Groups
Empty groups are groups that have no members.

To find all empty groups click the “empty groups” box and click run.

Related Tools: