We have not been clearing out old objects in the AD for sometime. Hence we have a lot of unused objects in the AD. This has a knock on effect in SCCM which we plan to migrate to 2012 next year.
The following procedure has been proposed:-
A script that will run monthly, this script will:
- Create an AD group based on month and year in the format
“10-2014DisabledComputers” - It will look at the lastlogontimestamp and look for machines that have not been logged into for 90 days.
- It will then disable them and add them to the AD group created in step 1.
The group can then be browsed and machines can be enabled and removed from the group.
Then another script will run monthly to delete the computers:
- It will get the group from the AD, from 3 months ago eg. “7-2014-DisabledComputers”
- It will then delete the computers in the group and then finally delete the group
At this point the machine will have had 90 days from the first script and a further 90 days from the second, giving a total of 6 months.
Please send any feedback to L.Lockwood@lboro.ac.uk by 7th November 2014.