Active Directory management & automation

Delete Inactive Computers from Active Directory

It is very important to clean Active Directory from inactive computer accounts, and it is not of a less importance to perform this operation on a regular basis. Using the Scheduled Tasks feature of Adaxes you can automate and standardize the process of purging inactive computers from Active Directory.

Adaxes includes a built-in Scheduled Task called Inactive Computer Deleter that can be used to delete inactive computers from AD. In this tutorial you'll learn how to customize the task and how to set it up to run in automatic or semi-automatic mode.

If some undesired changes were made to a built-in Scheduled Task, you can discard all changes made to this task. To do this, right-click the task and click Restore to Initial State in the context menu.

Launch Adaxes Administration Console, expand Adaxes service \ Configuration \ Scheduled Tasks \ Builtin. Select the Inactive Computer Deleter task.


By default, the task is disabled. To enable the task, right-click it, point to All Tasks, and click Enable.


If necessary, modify actions and conditions of the task. The actions and conditions are displayed in the Result Pane.


If a computer is inactive for more than 12 weeks, the task submits a request to disable the account of this computer.

See how to change the inactivity period

  • Right-click the If account is inactive condition.
  • Click Edit Condition in the context menu.

  • Change the number of weeks according to your needs and click OK.

By default, the task requests an approval for the Disable Account action. The action must be approved by either an owner of the computer or an owner of the Organizational Unit where the target computer is located.

See how to modify the approvers or disable approvals for the Disable Account action

  • Right-click the Disable the account action in the Result Pane.
  • Click Edit Action in the context menu.

  • In the Execution Options section, use Add and Delete buttons to add and remove approvers from the list.
  • To disable approvals for the action, uncheck the Get approval for this action option.

  • When finished, click OK.
After the computer account is disabled, the task marks this computer as inactive. To mark a computer as inactive, the task sets the value of the When Marked Inactive property to the current date/time (When Marked Inactive is a virtual property that is not stored in AD).

In a month after a computer was disabled, if the computer is still inactive, the task submits a request to delete this computer account.

See how to modify the approvers or disable approvals for the Delete Computer action

  • Right-click the Disable the Computer action and click Edit Action in the context menu.

  • In the Execution Options section, use Add and Delete buttons to add and remove approvers from the list.
  • To disable approvals for the action, uncheck the Get approval for this action option.

  • When finished, click OK.

Optionally, you may want to perform other operations on inactive computers. For example, to move inactive computers to a specific Organizational Unit, perform the following steps:
  • Select the first set of actions and conditions and click the Add Action icon.
  • In the Add Action dialog, select the Move the Computer action.
  • In the Action Parameters section, click Select Location and select the target Organizational Unit.
  • When finished, click OK.

By default, the task is executed for all computers in all AD domains managed by Adaxes. If necessary, you can exclude some computers from the activity scope of the task.

To exclude computers from the activity scope of the task, you need to select the Exclude the selection option in the Assignment Options dialog when adding objects to the activity scope of the task. In such a way you can exclude computers located in a specific OU, computers that are members of a specific group, computers that belong to a Business Unit, individual computers, etc.

For example, if you want the task NOT to be executed on an individual computer, do the following:
  • Click the Add button located under the Activity Scope list.

  • In the Object Types drop-down box, check the Computer object type.

  • In the list of available AD objects, select the computer you want to exclude.
  • Click Add.
  • In the Assignment Options dialog that opens, select the Exclude the selection option and click OK.

  • Click Save Changes.
? Waiting

Progress status: Checking...