PowerShell is a powerful scripting environment for Windows which can be used for this type of maintenance but first you all you need to install the Active Directory Powershell tools:
1. Click Start -> All Programs -> Accessories -> Windows PowerShell -> Windows PowerShell
2. At the command prompt type:
Import-Module ActiveDirectory
3. Once the module install is complete, confirm its available by running:
Get-Module -ListAvailable | select-string -pattern "Active"
Once you have installed the Active Directory PowerShell commands you may use the following syntax to search for computers which haven’t logged in for 6 or more months:
get-adcomputer -properties lastLogonDate -filter * | where { $_.lastLogonDate -lt (get-date).addmonths(-6) } | sort Name | FT Name,LastLogonDate
To delete old computer accounts use the same syntax and pipe it through the “Remove-ADComputer” script:
get-adcomputer -properties lastLogonDate -filter * | where { $_.lastLogonDate -lt (get-date).addmonths(-6) } | Remove-ADComputer
To find Active Directory user account which haven’t logged in for 6 or more months use:
Search-ADAccount -accountdisabled | where {$_.lastlogondate -lt (get-date).addmonths(-6)} | FT Name,LastLogonDate
To delete old user accounts use the same syntax and pipe it through the “Remove-ADUser” script:
Search-ADAccount -accountdisabled | where {$_.lastlogondate -lt (get-date).addmonths(-6)} | Remove-ADUser
