How to Manage Devices with the Active Directory Cleanup Tool
One of the tasks that often gets pushed to the wayside, but is very important, is managing devices in Active Directory (AD). As Active Directory accumulates more Organizational Units (OUs), it’s easy to let objects become obsolete as time passes.
You need to ensure that Active Directory only contains devices that are active, and that Configuration Manager is managing those devices. While AD uses encryption, it’s up to an administrator to regularly clean up Active Directory devices, objects, and user accounts.
However, knowing how many devices are being managed and identifying stale devices is no easy task, so this is where Right Click Tools helps. The Active Directory Cleanup Tool, found in the Enterprise Edition, makes managing devices in AD more straightforward and accessible, and it can all be done from right inside the ConfigMgr console.
Getting Started with the Active Directory Cleanup Tool
Using Right Click Tools can help streamline the removal of inactive objects from your collection of system data. Combining an AD cleanup tool with best practice procedures ensures that your organization easily minimizes potential risks.
Here’s how to clean up the Active Directory:
After launching the ConfigMgr console, go to Assets and Compliance/Recast Software and select the Active Directory Cleanup Tool. In the dashboard, you will be presented with two drop-downs: OUs and Collections. This allows you to compare an OU in Active Directory with a collection in Configuration Manager. Once you make your selections, press the Scan button.
Essentially, the tool builds a list of the computers in the OU(s) that you selected and compares it to the list of computers in the selected ConfigMgr collection(s). After it compares the lists, it will let you know if the devices are:
- In both the selected ConfigMgr collection(s) and AD OU(s).
- Only in the selected AD OU(s).
- Only in the selected ConfigMgr collection(s).
Please note: Given how the Active Directory cleaner works, it is important to make sure that you select an OU or OUs that match the selected collection or collections. That way, when a device shows up in only one of the two lists, it really is missing from the other, rather than simply falling outside the scope you selected.
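The three-way comparison described above can be reproduced on exported lists. The following PowerShell is an added example, not Recast Software's code or a description of how Right Click Tools is implemented; the device names, dates, the `Get-ShortName` helper and the 90-day staleness threshold are constructed for illustration.

```powershell
# Constructed sample data. In a live environment these rows would come from
# Get-ADComputer (scoped to the OU with -SearchBase) and Get-CMCollectionMember.
$adOu = @'
Name,WhenCreated,LastLogonDate
WS-001,2021-03-02,2024-05-28
ws-002,2020-11-17,2024-05-30
WS-OLD7,2018-06-09,2022-01-14
'@ | ConvertFrom-Csv

$cmCollection = @'
Name,LastActiveTime
WS-001,2024-05-29
WS-002.corp.example,2024-05-30
WS-LAB3,2024-05-27
'@ | ConvertFrom-Csv

# Normalize names so that case, a trailing '$' (sAMAccountName form) or a DNS
# suffix does not produce a false "only in one list" result.
function Get-ShortName([string]$Name) {
    ($Name.Trim().TrimEnd('$') -split '\.')[0].ToUpperInvariant()
}

# Index both lists by normalized name for constant-time membership checks.
$adByName = @{}
foreach ($d in $adOu) { $adByName[(Get-ShortName $d.Name)] = $d }
$cmByName = @{}
foreach ($d in $cmCollection) { $cmByName[(Get-ShortName $d.Name)] = $d }

$asOf = [datetime]'2024-06-01'   # fixed reference date so the sample result is stable
$staleAfterDays = 90             # assumed threshold; set it from your own policy

$names = @($adByName.Keys) + @($cmByName.Keys) | Sort-Object -Unique
$report = foreach ($n in $names) {
    $inAd = $adByName.ContainsKey($n)
    $inCm = $cmByName.ContainsKey($n)
    $status = if ($inAd -and $inCm) { 'Both' } elseif ($inAd) { 'Only in AD OU' } else { 'Only in collection' }
    $lastAd = if ($inAd) { [datetime]$adByName[$n].LastLogonDate } else { $null }
    [pscustomobject]@{
        Device      = $n
        Status      = $status
        LastAdLogon = $lastAd
        # Flag AD objects whose last logon is older than the threshold.
        StaleInAd   = $inAd -and (($asOf - $lastAd).Days -gt $staleAfterDays)
    }
}
$report | Format-Table -AutoSize
```

If the OU and collection scopes do not match, every device outside the overlap lands in one of the "only in" buckets, which is why the scope note above matters before acting on the result.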
For example, below, you can see that I selected the OU, Recast Workstations, with the corresponding ConfigMgr collection, Recast Workstations.
When I click on the Scan button, I find that things are pretty good overall. However, in the image below, you can see that there is one device in the selected OU that is not in the selected collection, and you can also see that there is one device in the selected collection that is not in the selected OU.
After Identifying Problems in the Active Directory Cleanup Tool, What’s Next?
One of the most helpful features of Right Click Tools is the ability to see information and then take action directly from the dashboards.
You can click on any of the pieces in the pie chart, and a list of the devices that make up that pie piece is displayed. That list will contain helpful information about when the device was created, and the last time it checked into AD or ConfigMgr. Now, you are ready to take action on the devices, right from the console, just by right-clicking on the device(s).
In this example, it might make sense for me to first ping the device in AD to see if it is active. Once I’ve determined it’s an “old” device that’s just hanging out and can be deleted, I can do that from the dashboard as well.
You can also send this information to another team by simply clicking on the Export to CSV button at the bottom of the screen and sending it to the person who needs the information the most. With Right Click Tools, reporting, device management, and Active Directory cleanup can all be done from the dashboard. How easy is that?
More Resources
If you’d like to see the Active Directory Cleanup Tool dashboard in action, here’s a short video. You can also read more about it on our documentation site. If you have any additional questions, please feel free to reach out to me @ConfigMarty or Recast @RecastSoftware on Twitter.