Administration

Administrating Specops Active Directory Janitor

Tasks

You can scan computers and users to find outdated or unused computer or user accounts in Active Directory.

Scan computers

Open Specops Active Directory Janitor.
In the navigation pane, select Scan computers under Tasks. If the tasks pane is collapsed, click to expand.
From the Selected Domain dropdown, select a specific domain to scan.
You will need to select where to look for accounts. You can either:

Pick accounts manually:
- To select a specific computer account to scan, type the name of the account in the Account name field.
- Click Add.
- Once a scope is selected, Active Directory Janitor counts objects and presents a confirmation message. Click OK to continue.
Pick accounts from Active Directory:
- Browse to the Organizational Unit you want to add.
- Enable Include accounts in sub containers to include sub containers.
- Click Add.
- Once a scope is selected, Active Directory Janitor counts objects and presents a confirmation message. Click OK to continue.
Import text file:
- To import a list of accounts from a text file, enter the file name or browse to the location of the file. Note: Account name must be in the leftmost column of the file.
- Click Add.
- Once a scope is selected, Active Directory Janitor counts objects and presents a confirmation message. Click OK to continue.
Click Select properties to select the properties to scan on the computers.
Click Start scanning.
When the scanning is complete, you can view the results.

Note

You can sort the result by clicking on the category headings.
Once you have viewed the results, you can perform the following actions on the account:
Note

If a valid License Key has not been provided, only partial data will be available. Disable Selected: Disabling an account prevents the account from being authenticated via Active Directory. Disabled accounts can be enabled at a later time. Disabling an account does not remove SIDs, group memberships, or any other right given to the account.
- Right-click on the appropriate account.
- Click Disable selected.
Enable Selected: Enabling an account allows the account to be authenticated via Active Directory.
- Right-click on the appropriate account.
- Click Enable selected.
Delete Selected: Deleting an account will permanently delete all permissions and memberships associated with that user account.
- Right-click on the appropriate account.
- Click Delete Selected.
Move Selected: The account can be moved to another Organization Unit.
- Right-click on the appropriate account.
- Click Move Selected.
To export toggled account information to a text file:
- Select the desired accounts one at a time, or click-ctrl-click to multi-select.
- Click Export Selected.
- Enter an appropriate file name, and click Save.

Scan users

Open Specops Active Directory Janitor.
In the navigation pane, Scan users under Tasks.
From the Selected Domain dropdown, select a specific domain to scan.
You will need to select where to look for accounts. You can either:

Pick accounts manually:
1. To select a specific computer account to scan, type the name of the account in the Account name field.
2. Click Add.
3. Once a scope is selected, Active Directory Janitor counts objects and presents a confirmation message. Click OK to continue.
Pick accounts from Active Directory:
1. Browse to the Organizational Unit you want to add.
2. Enable Include accounts in sub containers to include sub containers.
3. Click Add.
4. Once a scope is selected, Active Directory Janitor counts objects and presents a confirmation message. Click OK to continue.
Import text file:
1. To import a list of accounts from a text file, enter the file name or browse to the location of the file. Note: Account name must be in the leftmost column of the file.
2. Click Add.
3. Once a scope is selected, Active Directory Janitor counts objects and presents a confirmation message. Click OK to continue.
Click Select properties to select the properties to scan on the computers.
Click Start scanning.
When the scanning is complete, you can view the results.

Note

You can sort the result by clicking on the category headings.
Once you have viewed the results, you can perform the following actions on the account:

Disable Selected: Disabling an account prevents the account from being authenticated via Active Directory. Disabled accounts can be enabled at a later time. Disabling an account does not remove SIDs, group memberships, or any other right given to the account.
- Right-click on the appropriate account.
- Click Disable selected.
Enable Selected: Enabling an account allows the account to be authenticated via Active Directory.
- Right-click on the appropriate account.
- Click Enable selected.
Delete Selected: Deleting an account will permanently delete all permissions and memberships associated with that user account.
- Right-click on the appropriate account.
- Click Delete Selected.
Move Selected: The account can be moved to another Organization Unit.
- Right-click on the appropriate account.
- Click Move Selected.
To export toggled account information to a text file:
- Select the desired accounts one at a time, or click-ctrl-click to multi-select.
- Click Export Selected.
- Enter an appropriate file name, and click Save.

Options

Domain Controllers

You can specify a Domain and the Domain Controllers to be included in the scan criteria. If one or more DC is not working and should not be used, it can be unchecked.

Open Specops Active Directory Janitor.
In the navigation pane, select Domain controllers under Options.
Select a Domain to view a list of Domain Controllers.
Uncheck the Domain Controllers you do not want contacted during a scan.
Click Apply.

Settings

You can configure custom settings, such as number of concurrent scanning threads, used when scanning computers.

Open Specops Active Directory Janitor.
In the navigation pane, select Settings under Options.
Configure the number of concurrent scanning threads.

Note

The thread count decides how many concurrent threads are used when scanning computers.
If you want Specops Active Directory Janitor to attempt connect to computer even if ping reports that they are unreachable, enable Connect to computers that appear offline.
If you want to check for updates, enable Check for updates at startup.
If you want to turn on logging, enable Turn on logging. Logging can be turned on for troubleshooting purposes.
If you want Specops Active Directory Janitor to integrate with Specops Inventory, enter the Specops Inventory server name in the text field.
Click Apply to save your changes.

Product Management

From the Product Management navigation pane you can:

Check for product updates
Purchase the full version of Active Directory Janitor if you have not already done so
Update your license key

Note

The features available on a trial version of Active Directory Janitor are different than the features available on a fully license version. Administrations cannot perform changes to accounts when using the trial version.