I recently started working on a new project – an application that would tell you when a user or computer last logged on to your Active Directory domain so that you could identify old unused accounts. I got the application up and running fairly quickly and it did get the last logon for all users/computers in our domain, but once we had identified the unused user accounts we then needed to disable, delete or move accounts that had not logged on for over X number of days. After some searching I found that there don’t seem to be any free applications that can do this (there are plenty of free scripts but all of the nice user friendly GUI apps you have to pay for) … so I decided to extend my application to provide this functionality (and more) and make it completely free for anyone to download and use, as many times as they want and on as many users/domains as they want.
EDIT: VERSION 1 CAN BE DOWNLOADED HERE OR YOU CAN TRY THE BETA OF VERSION 2.0 HERE
The application is not yet finished but I am working on it as much as I can (when I’m not at work) so the first version should be complete within the next 2 or 3 weeks – so by the 28th August 2010 at the latest hopefully. Of course if quite a few people comment on this blog or email me saying that they would definitely be interested in using the app then that might prompt me to get it completed a little quicker :)
Here is an idea of what it looks like at the moment (subject to change) and below you can find a list of all of the features: http://i135.photobucket.com/albums/q160/…/ADTidy1.jpg
Features
- Get last logon information for user or computer accounts
- Search for accounts in any domain you have access to, using user friendly dialogs to select the domain or container/OU to search (no LDAP path knowledge required)
- Get last logon information from all DCs in the domain or select individual DCs to query
- Option to only find accounts that have not logged on for X number of days
- For any accounts that you select from the results of your search, you can perform any of the following actions:
  - Disable accounts
  - Rename accounts
  - Enable accounts
  - Update account descriptions
  - Move accounts to another container/OU
  - Delete accounts
  - Add accounts to group
  - Remove accounts from group
  - Remove accounts from all groups
  - Export details to CSV file
- Specify alternate credentials to connect to domain with (if the account you are logged on with does not have the necessary permissions)
- Easily save search settings and reload them next time you launch the application
- Exclude accounts that have never logged on
- Exclude disabled accounts
- Exclude specific user/computer names
If you have any other features that you would like to see added in there then feel free to let me know, either by leaving a comment here or by sending me an email at cwright@cjwdev.co.uk and I will see if I can fit your suggestion in to the first release. If I don’t manage to get your feature request in to the first version then it will be in the next version, which will not take months to be released – I plan on bringing out new versions often, or as soon as there is a decent new feature available.
Chris
I’ve been looking for a tool like this for such a long time! My company manages networks for many different organizations, and housekeeping is always a real pain with user and computer turnover. Especially since many of our customers have SBS servers, and have a fairly low max license count.
I am downloading the beta, and will post some feedback.
Thanks a million!
Thanks :) would love to hear what you think of the BETA. The final version of the app is nearly finished now, should be another week and then it will be ready for public download. There is one bug in the BETA that I should warn you about (which has been fixed for the final version), though it probably won’t affect you if you are dealing with SBS servers – the search will not bring back more than 1000 results from each DC it queries.
Oh and I work at an IT support company like you as well so I’ve put a lot of effort into making this app work for domains that your user/computer account is not a member of. All of the other similar apps that I have tried (that you have to pay for) seem to only work with your local domain, but mine will work even if you just VPN in to a network from a home PC – basically as long as you are able to resolve the domain name and DC names then it should work.
I doubt that bug will ever really be an issue for me. Our largest customer is a couple hundred nodes, so not too worried about the 1000 result limit. Works great so far! I’ve never had so much ease in cleaning up a DC before.
One question I have, I haven’t yet tried this on a DC running exchange, (ie: pretty much any SBS server). My question is, when deleting an SBS user from the AD, the system prompts you if you would also like to delete their exchange mailbox. I was afraid to experiment with this on a production server, have you tested this instance? I don’t mind if it doesn’t, but just so I know to take note of the stale users before deleting them from the ADTidy window, so I can manually delete the same object from the exchange server.
Once again, kudos on an amazing app, you’ve made my working life so much easier! Work smarter, not harder, that’s my philosophy.
If you ever find yourself in Ottawa Canada, let me buy you a beer!
haha I’m not sure I will ever be in Ottawa Canada (I live in England) but thanks for the offer :) As for the SBS question – no this app won’t do anything with Exchange accounts so you would have to manually remove those I’m afraid. You could use the Export To CSV action in my program before you use the disable/delete action so that you have got a list of all of the users that you have modified :)
Oh and I would still recommend waiting for the full version to come out next week before you use the app for any serious work as there are quite a few additional features and bug fixes in it :) I’ve mentioned pretty much all of the features that will be in the final version in this post that I posted today: https://cjwdev.wordpress.com/2010/08/25/ad-tidy-active-directory-clean-up-tool-update/
Not a problem, I appreciate all the work you’ve put into this app. I’ve only been using it as a lookup tool for the moment, to query for old objects, and making any other changes manually. I was definitely going to be waiting for the complete version before I tried any of the integrated features on production systems. I love beta apps, but you can’t be too careful.
As soon as the final version is available, I will be the first to download.
Thanks again!
Just to let you know, version 1.0 is now available :) You can find more info and a download link here: http://www.cjwdev.co.uk/Software/ADTidy/Info.html
I’ve been out of the loop for a bit, and I haven’t gotten around to an update on here for a while, I just wanted to drop by and say that this is the most amazing server maintenance app that I’ve ever come across. I haven’t run into any issues with version 1.0 so far.
Thanks again for taking the time to set this up for your fellow administrators, and especially for making this available at no cost.
Thanks a lot :) glad it’s helping people out. Oh and I’d recommend upgrading to the latest version for a few new features and bug fixes :)
An awesome piece of software, thanks very much! Really helped me with a small project that I have been doing.
Definitely payware quality. Keep up the good work.
AJ.
Thanks Andrew :)
Great app, keeps everything together and easy to see!
Confirmation number: 15R59892WJ410342J
Thanks Mike :) and thanks a lot for the donation, it is very much appreciated!
If any of my other apps look useful to you then just let me know if you want any of the paid for versions and I will give you a discount. You can find my other apps here: http://www.cjwdev.co.uk/Software.html
Thanks again
Chris
The tool is very nice and indeed helped a lot in keeping AD clean. As a request, if possible, can you add another function that can help to change a workstation’s local admin password?
I have tried to look out for a tool that can ease the process of changing the desktop/laptop local admin password but couldn’t find any.
John
Hi John,
Have you had a look at the new Group Policy “Preferences” items in Server 2008? You can use these to reset the local admin password on workstations (as long as the workstations are Vista or above, or they have the GPO Preferences CSE installed)
This is an awesome tool! I was using PowerShell before I found the tool that you made. However, this is so much better! It makes account audits a whole lot easier.
The best part is that you made it free and shared your creation with other Administrators. For that, I tip my hat to you and say sincerely, “Thank you!”
I am also testing out your AD Info tool – which is awesome as well!
Thanks a lot, it’s nice that you appreciate it :) hope AD Info is useful to you as well as that took an awfully long time to make! :)
I wanted to add a thanks for this as well. It’s a nice looking tool and is easy to use.
I will probably use it to find accounts that have not been logged on in the future but for now I just used it to find the last log on time of a specific user.
Thanks Oliver, much appreciated :)
Thank you for this awesome tool! Our OUs were full of old junk, you saved me a lot of time.
Thanks James, glad to hear that :)
Oh and also, there will be a new version released in the not too distant future with a completely new user interface and some nice new features :)
This tool is amazing! I was sure I was staring into the gaping maw of days worth of manual deletions and disabling. Thanks!
Thanks Jeremy, I’m pleased it saved you a lot of time and effort
Thanks!!!!!!!!!!!!! ITS SUCH A GOOD TOOL, thumbs uppp
>>>>HOLLANNNDDD<<<<
It’s a nice tool to manage AD, but I have a question. I can run this tool with any “Domain Admins” account, but after I get the user or computer accounts that I want, I can’t take action (like move to another OU) with any “Domain Admins” account except the domain “Administrator”. Did anyone face this problem? How can I fix it? I guess it’s a permission problem, but I don’t know what to do… Thanks