Spent yesterday diagnosing a login issue and in doing so I realised how much of a mess our AD is, redundant accounts, empty OUs, empty groups, groups that contain another group as a member and that group has the initial group as a member, so effectively just looping around on itself and achieving nothing.
Just wondered what methods you all use to clean up AD, redundant accounts are easy enough to manage by last login date, but the looping groups thing I'm not so sure of the best way to get an idea of , which doesnt involve me having to check every group.
That sounds nice! Any chance of a look?
Yep, I am away from the office until next week. I am going to make a blog about them soon
that would be nice to see. We were about to embark on a manual process of this task ourselves over summer, but this would be great!
I use Dovestone Tools utilities.
Active Directory Tools, Active Directory Software
They have a last logon and last computer seen features that can show which computers and users are now redundant.
I tend to clean any computer or user that has not been "seen" on the network in the last 6 months.
Keeps things very clean.
EDIT: This is the actual app. Costs $99 and well worth it.
Last edited by zag; 28th June 2012 at 03:52 PM.
Don't let it get into a mess in the first place
Check out AD Tidy from cjwdev dot co dot uk - its free and will help you clear all the mess out - certainly did for me when I inherited a network with loads of old muck lying about.
There are currently 1 users browsing this thread. (0 members and 1 guests)