Do you delete computer accounts from Active Directory?

Last updated by Chris Schultz [SSW] almost 2 years ago.See history

Keeping your Active Directory environment tidy is helpful to keep things running smoothly, but it is also important to improve your security posture.

Computer accounts in AD are similar to user accounts - they can be used to access other systems and data in your domain. Since computer accounts do not hold any useful information, it is safe to delete them when a computer is decommissioned. It is also very easy to re-join a computer to the domain if needed, so there is no reason to leave computers in a "disabled" state.

disabled pcs
Bad example: Disabled computers in AD

enabled pcs
Good example: Only enabled, current computers

We open source. Powered by GitHub