AD Tidy (Free Active Directory Clean Up Tool) Released

August 29, 2010 — 6 Comments

Well its taken about a month but Iโ€™ve finally finished version 1.0 of my free active directory clean up application, AD Tidy. You can find more information and a free download link here:

Hope it is useful to some of you and please let me know any feedback that you have on it.

Thanks, Chris

6 responses to AD Tidy (Free Active Directory Clean Up Tool) Released


    Thanks SO MUCH! This does something that AD should do by default, and does it simply and well.

    I’ve only used the computer name side of the search function, but it was *brilliant!* I filtered for machines that hadn’t connected in 120 days, confirmed a couple valid ones, then disabled and moved the rest. Sweet!

    The one thing I’d add would be a column to show the domain user for computer name, when doing the computer search. So I know who’ll be calling tomorrow…

    Sir, I owe you several beers!


      ๐Ÿ™‚ thanks for the positive feedback.
      As for adding a column for the user of the machine, I’m afraid that’s not really possible because AD doesn’t store which PC a user last logged on to or anything like that. The only way to do it would be to query each machine directly and obviously that is not going to work for any old/inactive machines so it wouldn’t really be much use.
      If you have any other suggestions though, feel free to let me know and I’ll see what I can do ๐Ÿ™‚


    Thank you for this tool! I have been looking for something to identify when a user logged in last and this seems to fit the bill.

    One question, how is the “Last Logon” determined? Is it an active directory attribute?


      Yeah there is an AD attribute named “lastLogon” and this gets updated on the domain controller that authenticates a user when they log on. Unfortunately this attribute does not get replicated to other domain controllers so programs like mine have to query each DC in your domain to get the most recent lastLogon value for each user. There is a lastLogonTimeStamp attribute that does get replicated but it is only accurate up to 14 days or something like that, so if you just need a rough idea of when a user last logged on then you can query that attribute but for a real accurate value you need to query each DC for the lastLogon attribute ๐Ÿ™‚


    Great tool…thank you. You have just made my job much simpler.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s