Active Directory inactive users and computers report

ADManager Plus helps you to find all inactive or unused Active Directory (AD) objects such as user accounts and computers. It lists all AD accounts which have not logged on to any Windows 2012, 2016, 2019, 2022, or 2025 domain during a specified period of time. ADManager Plus scans each domain controller to determine the last logon time of every user and computer object present in the specified domains or organizational units (OUs) and lists those that do have any logon activity during the specified period.

Unlike the native AD tools, this web-based AD management tool lets you perform all these actions without any PowerShell scripts. Easily clean up or manage (e.g., delete, disable, or move) inactive AD accounts right from the reports with simple point-and-click actions. For insights on active users, use the active AD users report.

Why finding inactive AD users and computers matters

Over time, organizations accumulate user and computer accounts that are no longer in use because of retired devices, abandoned test accounts, or employees who have left. These inactive accounts can become potential security risks if not managed properly, as they may still have access to resources, group memberships, or permissions that attackers could exploit. This also increases administrative overhead and complicates compliance audits. Regularly identifying and cleaning up such accounts helps maintain an accurate, secure, and clutter-free AD environment.

How to identify and manage inactive users and computers

ADManager Plus simplifies the process of identifying, reporting, and cleaning up dormant accounts with a comprehensive set of features:

• Generate inactive users list
• Generate inactive computers list
• Delete, disable, or move inactive users and computers, in bulk
• Automate inactive user and computer reports

Inactive Users report

This report helps you track all dormant or unused AD user accounts based on their true last logon time. To generate the report, simply specify the period for checking logon activity and select the container (whether domains or OUs) from which you want to fetch inactive users; the tool will display all users who have been inactive for the specified time period, along with details such as their last logon time and account status. View a detailed guide to find and remove inactive users.

Inactive Computers report

This report enables you to track all computer objects in AD with no logon activity during the specified time frame. The unused computer accounts are tracked based on the values in their lastLogon and pwdLastSet attributes. To generate this report, specify the domains or OUs from which you wish to identify the inactive computers and specify the time period for which you wish to check the logon activity; the tool will list all computer accounts with no logon activity during that period.

Manage inactive users and computers

ADManager Plus's on-the-fly AD management capabilities allow you to manage or clean up inactive or unused user and computer accounts in bulk directly from the reports. Once you generate the inactive users or computers report, you can select desired objects and delete, disable, or move them to a different OU, or even enable any disabled accounts using management options right within the report.

Management options in inactive users and computer reports

Here are some of the management actions that can be performed from ADManager Plus' reports:

• Disable all the selected accounts from the list of inactive users or computers in the report.
• Move all the desired inactive user or computer accounts, at once, to another OU. View the steps to move user accounts from one OU to another in bulk.
• Delete one, many, or all unused user and computer accounts in bulk, right from the inactive report.
• Enable the desired disabled user or computer accounts.

The inactive and unused users and computers report displays a specific set of attributes by default. These reports can also be customized as needed to include details like creation date, account status, last logon time, last logoff time, group memberships, OS, and more.

Automating inactive user and computer reports

To further streamline inactive account management, ADManager Plus offers robust automation capabilities that eliminate repetitive, manual intervention. By leveraging its built-in scheduler, admins can configure automated reports that routinely scan AD for inactive user accounts and deliver the results directly via email.

In addition to detection, ADManager Plus allows workflows to automate critical follow-up actions, like disabling, deprovisioning, or moving inactive accounts right after they're discovered. These automation features not only reduce the risk of leaving dormant accounts unmanaged, but also ensure a consistent and proactive approach to AD hygiene, helping meet both security and compliance goals.

ADManager Plus' prepackaged AD reports

Besides inactive users and computers reports, ADManager Plus' completely script-free AD reporter also includes reports such as:

• Logon reports: View active and enabled AD users, logon hour-based users, recently logged on users, and more.
• Account status reports: Identify disabled, expired, locked out, recently created, modified, or deleted accounts, and more.
• Password reports: View password expired users, users whose passwords have not been changed during a specified period, users whose passwords are about to expire, and more.

Explore all the 200+ prebuilt AD reports in ADManager Plus using the 30-day, free trial.