How To List Inactive Computer Accounts In Active Directory

IT Support Forum Forums Active Directory Users And Computers How To List Inactive Computer Accounts In Active Directory

Tagged: 

This topic contains 4 replies, has 3 voices, and was last updated by  Webmaster 1 year, 1 month ago.

  • Author
    Posts
  • #47

    McLovin
    Participant

    I’m looking for a way to list all the inactive AD computer accounts (say that haven’t connected to the domain in the last 3 months). Does anyone know how to list inactive computers in AD?

  • #48

    Webmaster
    Keymaster

    There are a few ways you can list inactive (or stale) computer accounts in AD, such as via PowerShell or with a program like Hyena.

    My favourite way to list inactive computer accounts is with dsquery. This is because you can pipe the output of a dsquery into another query or text file, which you can then use for something else.

    To list computers that have been inactive in AD for 3 months (90 days), use the below dsquery command in a command prompt window on a domain controller or PC on the domain with RSAT tools installed:

    dsquery computer -stalepwd 90 -limit 99999

    If you want, you can pipe this out to a text file but adding > C:\FileName.txt to the end of the command.

  • #1140

    tornstenkristen
    Participant

    Beside the above given suggestion, you can have a look on free “Lepide last logon reporter tool” that provides accurate last logon time of all the users in the domain with just a few clicks

  • #1141

    Webmaster
    Keymaster

    Also you can use Hyena, which isn’t free but is widely used.

    Personally, I would never give a free tool AD access unless it was from a large company that I trusted… especially when I had the option to do the same thing with a script.

  • #1895

    Webmaster
    Keymaster

    You can also do this command to list the stale computer accounts:

    dsquery computer -inactive 4

    That tells you all the computers that are inactive in the last 4 weeks. I think this is a better way to list the stale computer accounts as it can pick out computers that are inactive on the domain, which means you don’t have to wait for the computers domain password to expire before the computer can be identified as inactive / stale.

You must be logged in to reply to this topic.