List of tools to find and disable Active Directory unused accounts
Free tools:
Usage
Example 1 oldcmp -report -age 0 -format csv -delim tab
The current one will generate csv file (tab delimited) report of all cmpaccs
Also you can run oldcmp /? and get a full list of switches.
Scripts
lastlogon
Usage: cscript //nologo LastLogon.vbs > output.txt
lastlogon time stamp – for Windows 2003 domain (Includes user logon’s time stamp)
Usage: cscript //nologo LastLogonTimeStamp.vbs > output.txtomputer accounts not logged on within X number of days
Commercial tools
# Find expired and unused Active Directory accounts
# Locate inactive user or computer accounts and disable, delete, move or enable Active Directory accounts in seconds.
# Shows disabled accounts, last logon/logoff time, OS type, etc.
# Export report to CSV,XLS,HTML,PDF and CSVDE
Unused Account Ferret
Find, disable and delete old user and computer accounts in Active Directory.
It queries all the domain controllers to determine which accounts have not been used for a specified number of days.
Don’t forget AD Network Manager – http://logicdevelopment.net/adnm/