Windows – What Defines an AD Object as “Inactive”

Tags: active-directory, ldap, windows, windows-server-2008

I am going to be using some DSQUERY/DSMOVE scripts to clean up my AD Domain. One option is to move inactive objects to an OU that has restrictive GPOs applied to it.

Something like:

DSQUERY computer -inactive 10 | DSMOVE -newparent <distinguished name of target OU>

My question is what value defines an object, both user and computer, as "inactive" for a period of time? Is it the last time a computer was logged on to for computer accounts, and for users is it the last time that the user account logged on to a computer?

But what if, say for example, I had a web server that wasn't rebooted and/or logged into for a couple of months but remained powered on and functioning as normal, would it be defined as "inactive" whereas technically it's still serving web pages and so on?

Thanks for the help!

Best Answer

Well, if you run dsquery user /? it tells you this:

-inactive Finds users that have been inactive (not logged on) for at least number of weeks.

For computers, it just says 'stale', so we can assume it's the same thing - amount of time since the domain has seen that computer account get authenticated.

For your hypothetical, I'm sure a powered-on and well-connected computer would not show up as stale. There are things like GPO refresh and Kerberos timeouts that cause activity in the background, and I'm sure those would refresh whatever 'stale' counter exists.
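As an added example (not part of the question or the answer above), here is a PowerShell script that reproduces what "dsquery computer -inactive <weeks>" evaluates, namely the replicated lastLogonTimestamp attribute, and adds the corroborating check a defender wants before moving anything: domain-joined machines rotate their computer account password every 30 days by default, so a recent pwdLastSet on an account with an old logon stamp is a strong sign the box is alive (the powered-on web server from the question would normally show exactly that). It assumes the RSAT ActiveDirectory module is installed; the $TargetOU value is a placeholder DN you must replace, and the -Move switch plus -WhatIf are this script's own conventions, not dsquery's.

```powershell
# Added example, not part of the original question or answer.
# Lists computer accounts whose lastLogonTimestamp is older than N weeks
# (the same attribute "dsquery computer -inactive N" looks at), alongside
# pwdLastSet and whenCreated for review. Moves only when -Move is given,
# and then with -WhatIf until the list has been reviewed.
# Assumptions: RSAT ActiveDirectory module; $TargetOU is a placeholder DN.
param(
    [int]$Weeks = 10,
    [string]$TargetOU = 'OU=Stale Computers,DC=example,DC=com',  # placeholder DN
    [switch]$Move
)
Import-Module ActiveDirectory

# lastLogonTimestamp is only rewritten when the stored value is older than
# msDS-LogonTimeSyncInterval (default 14 days, minus a random 0-5 days), so
# the stamp can lag real activity by up to about two weeks. Treat matches
# as candidates, not as a verdict.
$cutoff         = (Get-Date).AddDays(-7 * $Weeks)
$cutoffFileTime = $cutoff.ToFileTimeUtc()

# Match objects whose stamp is older than the cutoff, or that have no stamp
# at all (never authenticated since creation).
$filter = "lastLogonTimestamp -lt $cutoffFileTime -or lastLogonTimestamp -notlike '*'"

$candidates = Get-ADComputer -Filter $filter `
    -Properties lastLogonTimestamp, pwdLastSet, whenCreated, Enabled, OperatingSystem |
  ForEach-Object {
    $lastLogon = if ($_.lastLogonTimestamp) { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } else { $null }
    $pwdSet    = if ($_.pwdLastSet)         { [DateTime]::FromFileTimeUtc($_.pwdLastSet) }         else { $null }
    [PSCustomObject]@{
      Name            = $_.Name
      DN              = $_.DistinguishedName
      Enabled         = $_.Enabled
      OperatingSystem = $_.OperatingSystem
      LastLogonUtc    = $lastLogon
      PwdLastSetUtc   = $pwdSet
      WhenCreated     = $_.whenCreated
      # Machine password rotation is every 30 days by default; a change in the
      # last 45 days means the account is still talking to a domain controller
      # even if its logon stamp has not been refreshed yet.
      PwdChangedRecently = ($null -ne $pwdSet) -and ($pwdSet -gt (Get-Date).AddDays(-45))
    }
  }

# Always produce the review list; it is the audit trail for the cleanup.
$candidates | Sort-Object LastLogonUtc | Format-Table -AutoSize
$candidates | Export-Csv -NoTypeInformation -Path ".\stale-computers-$(Get-Date -Format yyyyMMdd).csv"

if ($Move) {
  # Skip anything that rotated its password recently; review those by hand.
  $candidates | Where-Object { -not $_.PwdChangedRecently } | ForEach-Object {
    Move-ADObject -Identity $_.DN -TargetPath $TargetOU -WhatIf   # remove -WhatIf once the list is right
  }
}
```

Run it once without -Move to get the CSV, compare the PwdChangedRecently column against what you expect for always-on servers, and only then run with -Move (and eventually without -WhatIf). The same pattern applies to user accounts with Get-ADUser, minus the password-rotation check, since users change passwords on their own schedule.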