If good housekeeping isn’t applied when working with a database like Active Directory (AD), objects become obsolete and stale over time and ultimately need to be removed. This matters especially for user account objects, for security reasons.
I’m going to share here how I’ve automated the process of finding and highlighting or removing unused or stale objects in AD, including OUs, users, groups and GPOs.
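    # List GPOs that are not linked anywhere: the XML report of a linked GPO
    # contains one <LinksTo> element per link, so no match means no links.
    Import-Module GroupPolicy
    $GPOS = Get-GPO -All
    foreach ($GPO in $GPOS) {
        if ($GPO | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>") {
            Write-Host $GPO.DisplayName
        }
    }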
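The unlinked-GPO check above can be extended into a report that also records why each GPO looks unused. This is an added example, not the author's script: the function name `Get-UnusedGpoCandidate` and the reason labels are hypothetical, and it assumes the GroupPolicy module (RSAT) and read access to the domain's GPOs.

```powershell
Import-Module GroupPolicy

function Get-UnusedGpoCandidate {
    # Hypothetical helper: reports GPOs that appear unused and never deletes anything.
    foreach ($gpo in Get-GPO -All) {
        # Parse the report as XML instead of string-matching it.
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml

        # One <LinksTo> element exists per link; filter out $null when there are none.
        $links        = @($report.GPO.LinksTo | Where-Object { $_ })
        $enabledLinks = @($links | Where-Object { $_.Enabled -eq 'true' })

        $reasons = @()
        if ($links.Count -eq 0) {
            $reasons += 'Unlinked'
        }
        elseif ($enabledLinks.Count -eq 0) {
            $reasons += 'AllLinksDisabled'
        }
        if ($gpo.GpoStatus -eq 'AllSettingsDisabled') {
            $reasons += 'AllSettingsDisabled'
        }
        # Version 0 on both sides means no setting has ever been saved in the GPO.
        if ($gpo.User.DSVersion -eq 0 -and $gpo.Computer.DSVersion -eq 0) {
            $reasons += 'NeverConfigured'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                DisplayName      = $gpo.DisplayName
                Id               = $gpo.Id
                ModificationTime = $gpo.ModificationTime
                LinkedTo         = ($links | ForEach-Object { $_.SOMPath }) -join '; '
                Reasons          = $reasons -join ', '
            }
        }
    }
}

# Oldest candidates first, for review before any cleanup.
Get-UnusedGpoCandidate | Sort-Object ModificationTime | Format-Table -AutoSize
```

Treat the output as a review list: take a copy of each candidate with `Backup-GPO` before removing it.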