Remove Old Objects From AD and SCCM

By Garth Jones

System Center Configuration Manager (SCCM) is a huge product and the easiest way to get all clients into SCCM is to enable AD System Discovery (ADSD) which will discover all devices within the domain. However, doing this can expose issues that already exist within Active Directory (AD).

When ADSD is enabled, ConfigMgr Administrators generally discover the entire domain or a major OU structure. Admins are amazed to see the sheer number of PCs discovered by ADSD, however, upon further inspection they notice that these “extra” PCs are in fact old PCs that are no longer active on the network.

At one client that I was working with they expected to see about 5,000 PCs, but instead when ADSD was completed they found over 25,000 PCs.

Why is there a difference in the number of PCs? The problem arises when organizations don’t have a good PC decommissioning process in place. They might have a process to physically dispose of a PC, but they forget to remove the PC from AD and sometimes SCCM too. This is an important part of the decommissioning process. Without removing decommissioned PCs from AD, it leaves AD in a “dirty” state with lots of stale PCs that are no longer active.

Once people discover this problem they want to fix it, but there isn’t a built-in mechanism within SCCM to clean stale PCs from AD.

To help in this regard, the Windows Management Experts team has written a script to clean-up AD and SCCM of stale PC records. You can download the script from their site using the link below.


Remove Old Objects from AD and SCCM