Active Directory Cleanup Tool Dashboard


The Active Directory Cleanup Dashboard runs a scan to compare device object data in SCCM and AD in order to show where devices are located. It can be filtered by Domain, OU and Collection.

How Information is Collected

Information is pulled in from your ConfigMgr SQL database as well as Active Directory.

Where the tool is located

In the Assets and Compliance section of ConfigMgr, click on the Active Directory Cleanup Tool under the Recast Software Node.

AD Cleanup tool Location

Once results are returned,

AD Cleanup Tool screenshot

AD Cleanup Tool Actionable Results

  • As with all of the RCT Security and Compliance Dashboards, these results are actionable with Right Click Tools (and support multi-select):

AD Cleanup screenshot2

Recast Permissions

Active Directory
Add or Remove Account from Group

Microsoft Permissions

The Active Directory Cleanup tool requires read rights to Active Directory OUs and their computer objects contained within for the specific domain. It also needs read rights to Configuration Manager Device Collections, the ability to query collection membership, and read rights to the Configuration Manager devices themselves.

If you have entered the ConfigMgr database information by entering the database information in the Configure Recast RCT application or the Recast Management server, you will need to have at least "Read Only" Access to the ConfigMgr SQL Database.