Over the years, computers are replaced or decommissioned from the network but computers accounts in active directory are not deleted automatically and become obsolete.
Tracing these accounts in the past wasn’t an easy task.
To trace these accounts in the directory the easyest way is to search the computers that have not been logged in to the network in a given time interval.
For example, the following command will find all computers in Active
Directory that have not logged in to the network in the past 10 weeks:
dsquery computer -inactive 10 -limit 0
After reviewing the output list and you determent that these computers are no longer exist on you network, you can run the following command to delete them:
dsquery computer -inactive 10 -limit 0 | dsrm
If you just want to disable these accounts, try this command:
dsquery computer -inactive 10 -limit 0 | dsmod computer -disabled yes
