The Active Directory Cleanup Dashboard compares device object data in your Configuration Manager and Active Directory to show where devices are located. The dashboard pulls information from your ConfigMgr SQL database as well as Active Directory. As with all Right Click Tools Security and Compliance dashboards, the displayed results are actionable with Right Click Tools (and support multi-select).
For a video walkthrough, see AD Cleanup Dashboard on on our YouTube channel.
Common Use Cases
- Checking that computers are in the correct collections
Run an AD Cleanup Scan
An AD Cleanup scan compares data in OUs with the collections in which they should appear.
To run an AD Cleanup scan:
1. In your Configuration Manager console, navigate to Assets and Compliance > Recast Software > Active Directory Cleanup Tool.
2. Click in the OUs field and enter one or more Domains, use the Search tool, or select OUs using the picker.
3. Click in the Collections field and enter a Site Code and SMS Provider, use the Search tool, or select collections using the picker.
4. Click Scan.
Create a Snapshot or Trend
A dashboard snapshot lets you capture the state of your system at a single point in time. This functionality is available on the AD Cleanup Web Dashboard. You can view AD Cleanup data over a set period of time by creating an AD Cleanup Web Dashboard Trend.
AD Cleanup Charts
Click on a segment of the chart to view its associated details.
Results can be filtered by Domain, OU and Collection.
Results can be downloaded by clicking Export to CSV at the bottom right of the page.
Actionable Results
You can run Right Click Tools actions for single or multi-selected devices.
Recast Permissions
| Active Directory | Add Account to Group, Remove Account from Group |
| Installed Software | Active Directory Cleanup Tool |
Microsoft Permissions
The Active Directory Cleanup tool requires read rights to Active Directory OUs and their computer objects contained within for the specific domain. It also needs read rights to Configuration Manager Device Collections, the ability to query collection membership, and read rights to the Configuration Manager devices themselves.
If you have entered the ConfigMgr database information in Recast Management Server or the Configure Recast Console Extension application, you will need to have at least "Read Only" Access to the ConfigMgr SQL Database.