AD Cleanup Tool
Identify and Cleanup Inactive User and
Computers in Active Directory
Easily scan your Active Directory environment for inactive user and computer accounts.
You can choose to disable, move, delete and export the objects from Active Directory.
Key Features
Enhance Security and Ensure Compliance Requirements
Removing unused accounts, reduces the risk of unauthorized access. It also minimizes the attack surface for potential threats.
Cleaning up AD also helps to ensure compliance with standards like GDPR, HIPAA, and others.
Inactive Users and Computers
Easily find stale user and computers objects in you Active Directory environment.
Inactive Users after x days
Find users that have not logged in after x days of inactivity.
Cleanup Inactive Accounts
Disable, delete, move to another OU, and export accounts details to CSV file.
Automate Cleanup Process
Use the built-in scheduler to automatically report, and cleanup AD objects.
Cleanup Group Policy
Easily find empty and unused GPO objects, find where GPOs are being used.
Find Empty Groups
Scan and find empty Active Directory groups. Groups with no members.
Unused Accounts
Find accounts that have not been used. No user logon timestamp.
Expire User Accounts
Get a list of user accounts that are expired and no longer active.
How Does it Work?
Step #1. Click on AD Cleanup Tool
Step #2. Select Inactivity time
Select “Inactive Users” select the inactive time (default is last 90 days) and click the “Run” button. This first step will only report inactive users.
Note: Select “Inactive Computers” to include computer accounts in the report.
Step #3. Select Actions
Select the accounts you want to cleanup and choose from the following actions.
- Delete = Delete the selected accounts
- Disable = Disable the selected accounts
- Enable = Enable the selected accounts
- Move = Move the accounts to another OU
- Export = Export the list of accounts to CSV, Excel or PDF.
Additional Features
The Toolkit includes the additional cleanup features.
Find Disabled Users
To find all disabled users click the “disabled users” box and click run.
Users with No Logons
Users with no logons are accounts that have no date in the lastlogonTimestamp attribute.
Click on “users with no logons” and click run.
Expired Users
Expired accounts are accounts that have a date set under the account expires settings.
To find all expired users click the “expired users” box and click run.
Find Inactive Computers
To find inactive computers click the “Inactive Computers” box select the time range and click run.
Find Empty Groups
Empty groups are groups that have no members.
To find all empty groups click the “empty groups” box and click run.
Cleanup Group Policy Objects
Just like user and computer accounts, there can be stale or unused GPOs in your environment. These unused or disabled GPOs can make a mess of your AD and cause confusion with other Administrators. The AD Pro Toolkit provides GPO reports and makes it easy to find unused GPOs.
To find unused GPOs click on Group Policy Report -> All GPOs
Any GPO that is not used will have the location blank. This means the GPO is not linked to the domain or an OU so it is currently not in use.
Cleanup Organizational Units (OUs)
To find all OUs that have no objects (meaning the OUs are empty) click on “OU Reports” and run the “All OUs and object count” report.
Automate AD Cleanup
With the AD Cleanup Tool, you can automate the cleanup of inactive users and computers.
- Automatically disable stale accounts
- Automate moving and setting a description
- Send email reports on stale accounts
- Delete account that have been disabled for x days
Click on “Scheduler” and click the “Add” button to create an automated task.
Customer Feedback
“We purchased Active Directory Pro so that our Helpdesk could quickly unlock user accounts, it is a top support call. It has also been a lifesaver in troubleshooting repeat lockouts and finding where users were getting locked out from.”
Diane Drye – IT Support Manager
“Our Active Directory was a huge mess. We used the AD Pro Toolkit to find unused computer accounts and disable them. We started with over 900 computer and found 300+ inactive accounts.”
Brian Stillwell – Sr. System Administrator
“I really like having a GUI method of interacting with Active Directory beyond the limited tools in Windows. We used to use scripts for most of our bulk updates and new user creation, AD Pro tools put everything in one place for convenient use anytime. “
Thad Taube – IT Systems Admin