Direct Inward Dialing: +1 408 916 9393
Free EditionOver time, users, computers, groups and GPOs become obsolete and need to be deleted. ADManager Plus helps you trace all inactive, disabled, account-expired users and computers in Active Directory. Based on your company's Active Directory housekeeping policy, you can scrub away the unnecessary accounts by deleting them. Clean up Active Directory effectively and efficiently by automatically identifying stale accounts and disabling, enabling or moving accounts to quarantine them.
Besides enhancing the security and performance of Active Directory and its performance, ADManager Plus' automated AD cleanup also helps you save significant time by eliminating the need to use command line tools and PowerShell scripts.
Get the free download of this tool's trial version to explore all the features mentioned above.
ADManager Plus helps you detect and remove inactive AD accounts by allowing you to generate reports and perform management actions such as deleting, disabling, or moving them to a different OU, right from these reports.
Right from these reports, you can manage dormant or stale accounts, delete, disable or move them to another OU, in bulk.
With ADManager Plus you can easily generate the list of user or computer accounts that are disabled. The userAccountControl attribute is used to locate the disabled users in the domain. You can manage these accounts easily by deleting them or moving the accounts to another OU. You can also delete, enable, or move multiple disabled accounts at the same time. See how to move user accounts.
Active Directory user accounts that have gone obsolete for a long time might have expired without either the user or administrator knowing about them. Writing a script to find expired accounts can be tedious, ADManager Plus report generator scans the Active Directory and gives you a list of all expired accounts. Right from the report, admins can proactively secure their network by deleting users, disabling users or moving expired users to another OU. You can also print and export account expired and other important reports like locked out users to XLS, CSV, PDF, HTML, and more.
Using ADManager Plus you can retrieve inactive AD user accounts, that is, accounts that have not been used to log in to the domain within the last 30, 60, or more days. Find inactive users
A reliable Active Directory infrastructure should always ensure that the existing accounts are enabled and obsolete accounts are disabled or deleted, for optimum productivity and security. Active Directory user accounts status is very speculative as it is subjected to numerous password policies and other limitations; so in a small organization administrator can manually check the account status and eventually modify them. But for medium and large organizations, a tool which can detect the status of user and computer accounts and delete, disable, or move them subsequently is preferable.
ADManager Plus with its built-in delete, disable, and move features helps administrators maintain the status of Active Directory accounts up to date. Clean up your Active Directory by deleting stale accounts or managing single or multiple accounts with the disable or move feature by selecting them from any one of the user or computer reports such as inactive users, account-expired users, inactive computers, and more.
Administrators can generate reports on inactive users or computers along with reports on disabled or expired accounts and manage them from the reports themselves. For example, they can delete the users or computers, or move them to a different OU.
AD users are added to and removed from AD groups from time to time, especially in a complex, dynamic Windows environment. Over a period, it might result in some groups that have no members. Such empty groups serve no practical purposes and simply add up to AD management burdens. Fortunately, the capabilities of ADManager Plus extend beyond identifying and deleting (or moving) just the user and computer objects. The Groups Without Members report queries the LDAP for all the groups within the selected domain(s), verifies their membership status, and locates all the empty groups (i.e., groups without any members) in a given domain and delete them right from the reports window.
In most AD environments, there are outdated GPOs. Cleaning up such GPOs is crucial to unclutter your Active Directory and keep it more organized and secure. So, if you are wondering how to clean up your Active Directory GPOs effectively, then ManageEngine ADManager Plus is your go-to tool. It is is loaded with the following GPO-related reports which have built-in options to clean up your GPOs right from the report.
The Disabled GPOs report provides a list of all GPOs in which both the user and computer configuration settings have been disabled. You can generate a list of group policy objects that aren't being used from the Unused GPOs report. Similarly, the Computer Settings Disabled GPOs and User Settings Disabled GPOs reports enable you to list GPOs with the computer settings disabled and the user settings disabled respectively.
ADManager Plus also takes things up a notch and lets you automate or semi-automate your AD cleanup operations. You can configure multiple automation policies as needed. The key benefit of AD automation is that you can select from any of the predefined automation categories along with the objects that have to be managed automatically and also specify the desired execution time. For instance, you can configure an automation policy that lets you move all the inactive users in a domain to a separate OU once every X months, retain them there for Y days, and then delete those accounts.
Follow these steps to find inactive users in AD using ADManager Plus.
Follow these steps to find inactive computers inAD using ADManager Plus.
Here are some best practices forAD cleanup:
ADManager Plus provides out-of-the-box reports on Active Directory infrastructure resources. More on Active Directory Reports
If your organization uses AD to deal with financial data in the network, you will have to meet the compliance requirements related to SOX. For more information on SOX and how ADManager Plus can be of great help in assisting your organization to meet SOX compliance requirements, please refer to this article.
Featured links
Make your everyday Active Directory management tasks easy and light with ADManager Plus's AD Management features. Create, modify and delete users in a few clicks!
Fire a shotgun-shell of AD User Management Tasks in a Single Shot. Also use csv files to manage users. Effect bulk changes in the Active Directory, including configuring Exchange attributes.
Pre-defined O365 user-specific reports: all users & inactive users, license based reports: licensed / unlicensed users, license details, and group-based reports: distribution lists, security groups, etc.
Unload some of your workload without losing your hold. Secure & non-invasive helpdesk delegation and management from ADManager Plus! Delegate powers for technician on specific tasks in specific OUs.
Create and manage Exchange mailboxes and configure mailbox rights using ADManager Plus's Exchange Management system. Now with support for Microsoft Exchange 2010!!
A complete automation of AD critical tasks such as user provisioning, inactive-user clean up etc. Also lets you sequence and execute follow-up tasks and blends with workflow to offer a brilliant controlled-automation.
Need Features? Tell Us
If you want to see additional features implemented in ADManager Plus, we would love to hear. Click here to continue
