Active Directory Cleanup

Over time, user and computer accounts become obsolete or redundant which raises the need to eliminate them. The Active Directory Cleanup Wizard is a utility which is developed to eliminate such redundant or duplicate object accounts by merging them. Duplicate user and computer objects usually result when multiple directories are migrated to a new domain or the Active Directory is upgraded to a new server.

The Active Directory Cleanup Wizard, searches for such redundant objects or accounts and merges them. All the accounts, their attributes and properties are merged into a single user account so as to remove duplicity from the AD database. This in turn helps is improving the performance of the Exchange servers.

The functionalities of the Active Directory Cleanup Wizard can be summarized as follows:

• It identifies all the duplicate objects to be merged by searching in the Windows NT accounts
• Reviews and modifies the merge operations after the selection of accounts
• Exports and imports list of accounts so that administrators can save the details of the merge operation as a .csv file for the purpose of review.
• order to run the wizard, command line tools can be used.

One must not forget that Active Directory Cleanup Wizard cannot be used for cleaning up the server metadata. In fact, to perform this particular task another utility, ntdsutil.exe is used. Ntdsutil.exe is a command line tool that is primarily meant for metadata cleanup procedure. This utility is a default tool installed on each domain controller. In the entire procedure of metadata cleanup, every Active Directory data used to recognize the domain controller during the replication procedure is removed. The metadata cleanup procedure is very much appropriate, but only for those domain controllers which were not demoted using the utility dcpromo.exe.

On a domain controller that is running Windows Server 2003 with Service Pack 1 (SP1), if one runs ntdsutil.exe, then it can also remove File Replication Service (FRS) connections. In addition, the procedure also transfers the FSMO roles (master operation roles) held by the demoted domain controllers.

Here are necessary steps that you need to follow in order to carry out a metadata cleanup method:

To clean up server metadata:

1. Open a command prompt.
2. Type the following command, and then press Enter: ntdsutil
3. At the ntdsutil: prompt, make sure one type: metadata cleanup
4. At the metadata cleanup: prompt, type: remove selected server ServerName Or remove selected server ServerName1 on ServerName2
5. In order to confirm whether the server has removed or not, type list servers in site, and then press Enter.
6. Make sure that the domain controller that you are looking to remove is not displayed in the command output.
7. At the metadata cleanup: and ntdsutil: prompts, type: quit