Microsoft has good command shell tools for managing AD from the command line. You will need to install the Windows Server Administration Tools apppropriate for your AD and OS on your server or workstation that you use to manage objects. Use DSQUERY and DSMOVE to find and move computer objects to a new OU based on how stale is the account. This example uses 12 weeks.

dsquery computer CN=Computers,DC=Example,DC=Domain -inactive 12 -scope subtree -limit 60000|dsmove -newparent OU=NewOU,DC=Example,DC=Domain -domain DC=Example,DC=Domain

Change the weeks inactive and limit values as needed. Note that containers can be CN or OU and you will need to check. DSQUERY is good for demistifying all that. You can use dsmod to modify attribute such as set disabled/enabled I use DSQUERY to query the distinguished name of an object and pipe it to the second command as an easy method of grabbing distinguished names. Wrapping it all up in a shell script with logging is suggested so you can review/audit what was done. ------------ You can also use VBScrip or PowerShell to perform similar query / move operations using WMI or .NET calls. However I am a shell scripter and use it by preference. -------------------- Doing those things in your active directory is always possible for you as you are the owner of those computer systems. However, always think of data security and backup before doing and transfer or deletion of any important data from those directories.

Microsoft has good command shell tools for managing AD from the command line. You will need to install the Windows Server Administration Tools apppropriate for your AD and OS on your server or workstation that you use to manage objects. Use DSQUERY and DSMOVE to find and move computer objects to a new OU based on how stale is the account. This example uses 12 weeks. <pre>dsquery computer CN=Computers,DC=Example,DC=Domain -inactive 12 -scope subtree -limit 60000|dsmove -newparent OU=NewOU,DC=Example,DC=Domain -domain DC=Example,DC=Domain</pre> Change the weeks inactive and limit values as needed. Note that containers can be CN or OU and you will need to check. DSQUERY is good for demistifying all that. You can use dsmod to modify attribute such as set disabled/enabled I use DSQUERY to query the distinguished name of an object and pipe it to the second command as an easy method of grabbing distinguished names. Wrapping it all up in a shell script with logging is suggested so you can review/audit what was done. ------------ You can also use VBScrip or PowerShell to perform similar query / move operations using WMI or .NET calls. However I am a shell scripter and use it by preference. -------------------- Doing those things in your active directory is always possible for you as you are the owner of those computer systems. However, always think of data security and backup before doing and transfer or deletion of any important data from those directories.