Dennis, check this out... http://www.joeware.net/win/free/tools/oldcmp.htm
The tool has several functions, from report only, to clean up. The clean up will not directly delete accounts, it will force you to disable them first. I recommend leaving them disabled for a few weeks or months and then swing back through and delete the deleted accounts. The tool really forces you to tell it to disable or delete so you shouldn't be too worried about bad things happening by accident. I tried to prevent that as best as possible to the point that some people have complained how many switches they need to actually hurt something. If you still have fear though, run it as a normal userid to get the reports. I have seen several companies that use this tool to reduce the size of their AD substantially. If you have some 10k dead accounts in Active Directory, think of the DIT growth you have that you don't need for new computers... joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Thursday, October 21, 2004 11:15 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Centralized vs. decentralized administration <SNIP> Computers go into AD, but are never removed. I have not found an effective way to address this problem yet. (Primarily because it has not yet become a pain point.) I could delete old computers from the OUSs, but I am reluctant to do this yet. <SNIP> List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
