How To List Inactive Computer Accounts In Active Directory

There are a few ways you can list inactive (or stale) computer accounts in AD, such as via PowerShell or with a program like Hyena.

My favourite way to list inactive computer accounts is with dsquery. This is because you can pipe the output of a dsquery into another query or text file, which you can then use for something else.

To list computers that have been inactive in AD for 3 months (90 days), use the below dsquery command in a command prompt window on a domain controller or PC on the domain with RSAT tools installed:

dsquery computer -stalepwd 90 -limit 99999

If you want, you can pipe this out to a text file but adding > C:\FileName.txt to the end of the command.

Beside the above given suggestion, you can have a look on free “Lepide last logon reporter tool” that provides accurate last logon time of all the users in the domain with just a few clicks

Also you can use Hyena, which isn’t free but is widely used.

Personally, I would never give a free tool AD access unless it was from a large company that I trusted… especially when I had the option to do the same thing with a script.

You can also do this command to list the stale computer accounts:

dsquery computer -inactive 4

That tells you all the computers that are inactive in the last 4 weeks. I think this is a better way to list the stale computer accounts as it can pick out computers that are inactive on the domain, which means you don’t have to wait for the computers domain password to expire before the computer can be identified as inactive / stale.