AD User And Computer Accounts Cleaner
Welcome to AD User And Computer Accounts Cleaner (ADUCAC). ADUCAC is an application which allows you to scan your Active Directory environment for user accounts or computer accounts and will display its last logon date. Since the last logon date is only updated on one domain controller in your domain at the time, you have to check every domain controller to determine the last updated last logon date. This application can be configured to your special needs when gathering last logon dates. You can specify the network load, exclude certain groups and configure the data you want to collect per account. So, no unnecessary data is gathered if you do not want to and it is gathered at a speed that is ideal to your network.
When the scan is completed you can also perform actions on the accounts your scan has found. For example, you can disable accounts or move accounts to another Organizational Unit (OU) when the last logon date of an account is more than two months ago.
ADUACAC provides you the following functionalities:
- Displays the most updated last logon date of a user or computer account
Only one domain controller in a domain has the most updated last logon date of a user or computer account. This application contacts all domain controllers to determine the most updated last logon date for each account.
- Disable user or computer accounts
When accounts have not been used for a long time, you can disable that account.
- Enable user or computer accounts
The same accounts can be enabled, for example, when an account needs to be in use again, or a wrong account is accidentally disabled.
- Move user or computer accounts
Accounts that are not used any more can be moved to another Organizational Unit.
- Schedule a scan
If your scan causes a lot of network traffic, you can choose to schedule a scan in, for example, the evening.
How does AD User And Computer Accounts Cleaner work?
AD User And Computer Accounts Cleaner gathers user account information of accounts that are in your domain(s).
Last logon date
The application retrieves the last logon date with LDAP for every user account in the objects (organizational units, containers or domains) you want to scan. Because at only one domain controller in a domain the last logon attribute is updated when a user logs on, the application must connect to every domain controller in that domain to retrieve the most current last logon date.
Domain controllers
Most domains have multiple domain controllers. To retrieve (last logon) information about an account, the application has to get the information per account from every domain controller to be sure it has the most updated information. So, when you have five domain controllers in your domain, the application gets the last logon date (and other information) from five domain controllers and adds that account five times to a data list.
Threads
To collect the data from the network as fast as possible, the application connects to every domain controller at the same time. To achieve this, threads are create for every domain controller, per OU or container (At least, when enough treads are configured in the project settings). A domain controller can only be connected to one thread at the time. Every user or computer account exists on every domain controller, but not always with the same data, like the last logon information. The information gathered by the threads about the same account will be merged later.
Merge and sort data
When the threads are collecting information from the domain controllers and adding it to the data list, the list has (when there are 5 domain controllers) five rows with information about the same user. The user interface compares these five rows and saves the information of the row with the most updated last logon date, except for empty columns where other rows do have data. After processing a whole data block, it will display the merged and sorted information to the user in the scan results.
 |
 |
ADDITIONAL INFORMATION
|
|
