"There has to be a quicker way..."
There is...there are. One possible solution: a vbscript that queries your domain for computers with machine account passwords that haven't changed in...6 months? a year?whatever criterion works for you.
Here is a sample. In active directory, you should use the LDAP provider instead of the //winnt provider. Modify as needed
****
'---begin script routine
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Dim objFSO, objCompFile, objDCFile, objDomain, objComp, objNTComp
Dim strCompFile, strDCFile
Dim strDomain, strDCList
Dim intSecInADay, intAccountAge
Dim shell
strCompFile = "C:\InactivePCsDeleted.txt"
strDCFile = "C:\DCList.txt"
strDomain = "domain" '-------> enter your domain name here...
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCompFile = objFSO.OpenTextFile(strCompFile, ForAppending, TRUE)
Set objDCFile = objFSO.OpenTextFile(strDCFile, ForReading)
Set objDomain = GetObject("WinNT://" & strDomain)
set shell = Wscript.CreateObject ("wscript.shell")
objDomain.Filter = Array("Computer")
strDCList = objDCFile.ReadAll()
intSecInADay = 60 * 60 * 24
intAccountAge = 120
For Each objComp In objDomain
Set objNTComp = GetObject("WinNT://" & strDomain & "/" & objComp.Name & "$")
If (objNTComp.PasswordAge > intSecInADay * intAccountAge) Then
If InStr(1, strDCList, objComp.Name, vbTextCompare) = 0 Then
''Call objDomain.Delete("Computer", objComp.Name) 'unremark when ready to delete accounts
objCompFile.Writeline objNTComp.Name & " ----> " & "-- computer account has been deleted"' '& '(objNTComp.PasswordAge/intSecInADay)
shell.Popup objComp.Name & " was deleted. ",1,"FYI..."
End If
End If
Next
Msgbox "Script is done." 'provide feedback to alert admin when script is finished.
