Latest posts by Guest Author (see all)
- FREE: File Permissions Check - Compare folder and file permissions - Fri, Feb 20 2015
- FREE: ABC-Deploy - Software deployment and inventory - Wed, Apr 16 2014
- FREE: AD Permissions Reporter - View Active Directory permissions - Fri, Feb 7 2014
Submitted by Chris Wright - Website: Cjwdev
The first version of AD Tidy was released a couple of years ago, and was a small simple GUI tool designed to help you locate and clean up inactive user and computer accounts in your AD domain. Now it has been completely re-written from scratch to provide a more modern GUI and a large amount of new features. To give some idea of the scale of the changes – the old version was roughly 3000 lines of source code and this new version is over 13000.
Like most Cjwdev tools, the new version comes in two editions: a free edition and a standard edition. The main difference between the two versions of AD Tidy is that the standard edition includes a server side service that lets you automate the process of locating and cleaning up inactive accounts (along with a command line version for you to use in your own scripts or scheduled tasks), but the free edition can still be very useful and save a huge amount of time as it still includes powerful filtering capabilities and a large number of actions that can be performed on any accounts that matched your filter. You can filter based on account name, description, group membership, expiration date, last logon time, DNS record timestamp, LDAP attribute, and more.
You could just use this as a reporting tool to show you an accurate last logon time for various accounts, as it can calculate last logon time either by using the lastLogonTimeStamp attribute (which is fast as it only requires contacting a single DC, but is only replicated every 14 days) or by using the lastLogon attribute (which is not replicated, so AD Tidy will contact every DC and show you the most recent value).
However, once you have found accounts that match your specified criteria you can also then use AD Tidy to clean up those accounts by performing any of the following actions: Disable, Move, Delete, Delete Home Drive, Add To Group, Remove From Group, Remove From All Groups, Run External Script, Set Expiry Date, Clear LDAP Attribute Value, Set Random Password, Hide From Exchange Address List, Set Description, and more.
Ad Tidy - Actions
You can also combine these actions into an Action Sequence, to make it easier to perform multiple actions at the same time whenever you want. So if your standard procedure for old accounts is to disable them, reset their password, and move them to a specific OU – you can easily build an Action Sequence to do that and then performing it is as simple as selecting the accounts in AD Tidy and right clicking on them and selecting your action sequence.
There are many more features that have been introduced in this new version and hopefully the free edition will continue to help a lot of people out.