Project

CleanupMonster

This module provides an easy way to clean up dead or old objects in Active Directory based on various criteria. It can also disable, move or delete objects. It can use Azure AD, Intune and Jamf to get additional information about objects before deleting them.

Stars: 138
Forks: 18
Open issues: 0
PowerShell Gallery downloads: 25529
Release: v3.1.7
Language: PowerShell
Updated: 2026-03-10T14:49:12.0000000+00:00

Curated Examples

Preview service-account cleanup

Use CleanupMonster to review managed service account cleanup with low limits.

This pattern is useful when cleaning stale MSA or gMSA objects and you want explicit guardrails.

It is adapted from Examples/CleanupServiceAccounts.ps1.

Example

Import-Module CleanupMonster

$reportPath = Join-Path $PSScriptRoot 'Reports\ServiceAccountsPreview.html'

Invoke-ADServiceAccountsCleanup `
    -Disable `
    -Delete `
    -DisableLastLogonDateMoreThan 90 `
    -DeleteLastLogonDateMoreThan 180 `
    -DisableLimit 2 `
    -DeleteLimit 1 `
    -SafetyADLimit 10 `
    -IncludeAccounts 'gmsa-*', 'msa-*' `
    -ExcludeAccounts 'gmsa-keep-*' `
    -ReportOnly `
    -WhatIfDisable `
    -WhatIfDelete `
    -ReportPath $reportPath

What this demonstrates

  • separating disable and delete thresholds
  • using explicit account filters
  • keeping action limits low for review
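
To cross-check the preview report independently, the added example below (not CleanupMonster code and not part of Examples/CleanupServiceAccounts.ps1) applies the same wildcard filters and the 90/180-day ages to a list of accounts. The function name, the sample accounts, and the rules that exclude patterns override include patterns and that accounts with no recorded logon are set aside for review are assumptions.

```powershell
# Added cross-check, not CleanupMonster code. Assumptions: exclude patterns
# override include patterns, and an account with no LastLogonDate is set
# aside for manual review instead of being placed in an age band.
function Get-ServiceAccountAgePreview {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Account,
        [string[]] $Include = @('gmsa-*', 'msa-*'),
        [string[]] $Exclude = @('gmsa-keep-*'),
        [int] $DisableDays = 90,
        [int] $DeleteDays = 180,
        [datetime] $Now = (Get-Date)
    )
    foreach ($a in $Account) {
        $name = $a.Name
        # -like uses the same wildcard syntax as the patterns in the example above
        $included = [bool]($Include | Where-Object { $name -like $_ })
        $excluded = [bool]($Exclude | Where-Object { $name -like $_ })
        if (-not $included -or $excluded) { continue }

        $days = $null
        $band = 'NoLogonRecorded'
        if ($null -ne $a.LastLogonDate) {
            $days = [int][math]::Floor(($Now - $a.LastLogonDate).TotalDays)
            if ($days -gt $DeleteDays) { $band = 'PastDeleteAge' }
            elseif ($days -gt $DisableDays) { $band = 'PastDisableAge' }
            else { $band = 'Recent' }
        }
        [pscustomobject]@{ Name = $name; DaysSinceLogon = $days; Band = $band }
    }
}

# Constructed sample accounts so the function runs without a domain.
$now = [datetime]'2026-03-10'
$sample = @(
    [pscustomobject]@{ Name = 'gmsa-sql01';   LastLogonDate = $now.AddDays(-200) }
    [pscustomobject]@{ Name = 'gmsa-keep-bk'; LastLogonDate = $now.AddDays(-400) }
    [pscustomobject]@{ Name = 'msa-web02';    LastLogonDate = $now.AddDays(-120) }
    [pscustomobject]@{ Name = 'msa-new03';    LastLogonDate = $null }
    [pscustomobject]@{ Name = 'svc-legacy';   LastLogonDate = $now.AddDays(-900) }
)
Get-ServiceAccountAgePreview -Account $sample -Now $now | Format-Table -AutoSize

# Against a live domain, with the ActiveDirectory module loaded:
#   Get-ServiceAccountAgePreview -Account (Get-ADServiceAccount -Filter * -Properties LastLogonDate)
```

Compare the names and bands it lists with the HTML report before removing `-ReportOnly` and the `-WhatIf*` switches; a name that appears in one list but not the other is worth investigating first.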
