Active Directory / SCCM Cleanup and Baselining [ http://ande.in ]
Here we are going to see some methods for automating Active Directory cleanup process.
Part I
Bridging the GAP between AD, DNS, Sites and IP Subnets.
Here we are going to map IP Address, Subnet and Site Code for all Computers in Active Directory and upload the data to SQL database.
Part II
Identifying and Disabling Stale Computers.
By Using the table we created from Part I, we identify the computers with password age and lastlogontimestamp > 60 days and disable them.
Stale Computers can be identified based on their Password Age and LastLogonTimeStamp
Go Further :
Machine Account Password Process
“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
Part III
Move all Disabled computers to Standard Disabled OU.
Here we move all Disabled computers from other OUs to a standard OU.
Part IV
Move Computers to OU based on IP Subnets.
To automate the movement of computers in the Default Computers Container to the Location OUs based on their IP Subnets defined in the Active Directory Sites and Subnets
Source OU
ande.in/Computers
Destination OUs
ande.in/Asia/India/Computers
ande.in/Asia/Japan/Computers
ande.in/Europe/Italy/Computers
ande.in/North America/Canada/Computers
ande.in/South America/Argentina/Computers
Part V
Keep Active Directory and SCCM in Sync.
1. Comparing Computers in Active Directory vs Clients in SCCM
2. Identifying Computers in Active Directory without DNS Records
3. Identify Stale Computers in Active Directory [ etc ]