Today I upgraded an Active Directory Forest from a functional level of Windows 2000 to Windows 2008R2.
It was a fairly simple process and done with the help of snapshots in Hyper-V just incase I needed to roll back.
When I began to design my new group policies I noticed there were nearly 200 computer accounts with the majority of them being inactive.
I found a few powershell scripts that will list the inactive computer accounts within a timeframe that you specify in the script. But then I found a command even better.
DSQUERY This command can scan for inactive computer accounts within a specified timeframe and then delete them as well!!!
dsquery computer -inactive 8 -limit 0 | dsrm (8 is the number of weeks)
This comment has been removed by the author.
ReplyDelete