Active Directory Cleanup Tool
- This tool runs a scan to compare device object data in SCCM and AD in order to show where devices are located. It can be filtered by Domain, OU and Collection:
Where the tool is located
In the Assets and Compliance section of ConfigMgr, click on the Active Directory Cleanup Tool under the Recast Software Node.
Once results are returned, if a device is properly located in both AD and ConfigMgr, it will fall under the 'both' category. Devices located only in AD will fall under the Active Directory category, and devices only in ConfigMgr will fall into the ConfigMgr category. The chart is interactive, and if you select a portion of the chart it will populate the devices belonging to that group in the bottom window.
The chart in the bottom window provides information related to the device object from both Active Directory and ConfigMgr. Scroll to the right to access all of the available data. Note: Devices not found in ConfigMgr will not have data populated in windows pertaining to ConfigMgr, and likewise devices not found in AD will be missing data that pulls from AD.
- Results can be exported to CSV (via the button at the bottom right of the page).
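The three-way classification described above can be reproduced for a spot check with a short script. This is an added example, not Recast's code: the function name `Compare-DeviceInventory`, the name normalisation and the sample device names are assumptions made for illustration, and `$ou` and `$collection` in the comments are placeholders.

```powershell
# Added example (not the tool's own code): sort device names into the same
# three groups the chart shows: Both, Active Directory, ConfigMgr.
function Compare-DeviceInventory {
    [CmdletBinding()]
    param(
        [string[]]$AdName = @(),
        [string[]]$CmName = @()
    )

    # Assumption: names match on the short host name, case-insensitively,
    # so "ws-002.corp.example" and "WS-002" count as the same device.
    $normalize = {
        param($n)
        if ([string]::IsNullOrWhiteSpace($n)) { return $null }
        ($n.Trim() -split '\.')[0].ToUpperInvariant()
    }

    # HashSets drop duplicate records and give fast membership checks.
    $ad = [System.Collections.Generic.HashSet[string]]::new()
    $cm = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($n in $AdName) { $k = & $normalize $n; if ($k) { [void]$ad.Add($k) } }
    foreach ($n in $CmName) { $k = & $normalize $n; if ($k) { [void]$cm.Add($k) } }

    foreach ($name in (@($ad) + @($cm) | Sort-Object -Unique)) {
        if ($ad.Contains($name) -and $cm.Contains($name)) {
            $location = 'Both'
        } elseif ($ad.Contains($name)) {
            $location = 'Active Directory'   # stale AD object or unmanaged device
        } else {
            $location = 'ConfigMgr'          # record with no AD computer object
        }
        [pscustomobject]@{ Name = $name; Location = $location }
    }
}

# Constructed sample names. Live input could come from, for example:
#   (Get-ADComputer -Filter * -SearchBase $ou).Name
#   (Get-CMDevice -CollectionName $collection -Fast).Name
$adSample = 'WS-001', 'ws-002.corp.example', 'SRV-OLD'
$cmSample = 'WS-001', 'WS-002', 'KIOSK-07'

Compare-DeviceInventory -AdName $adSample -CmName $cmSample |
    Group-Object Location |
    Select-Object Name, Count, @{ n = 'Devices'; e = { $_.Group.Name -join ', ' } }
```

Running the live cmdlets needs the same read rights the tool itself needs: read access to the OU's computer objects and to the ConfigMgr collection and its devices.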
AD Cleanup Tool Actionable Results
- As with all of the RCT Security and Compliance Dashboards, these results are actionable with Right Click Tools (and support multi-select):
The Active Directory Cleanup Tool requires the following permissions:
The Active Directory Cleanup Tool requires the Query AD permission in the Active Directory plugin. To use the tool's Add New Direct Group or Remove from Group features, it also requires the Add or Remove Account from Group permission in the Active Directory plugin.
The Active Directory Cleanup Tool requires read rights to the Active Directory OUs, and the computer objects they contain, for the specific domain. It also needs read rights to Configuration Manager Device Collections, the ability to query collection membership, and read rights to the Configuration Manager devices themselves.
If you have entered the ConfigMgr database information in the Configure Recast RCT application or the Recast Management server, you will need at least "Read Only" access to the ConfigMgr SQL database.