Managing AppStream 2.0 Computer Objects in Active Directory

AppStream 2.0 does not delete computer objects from Active Directory. These computer objects can be easily identified in your directory. Each computer object in the directory is created with the Description attribute, which specifies a fleet or an image builder instance and the name.

You can identify and delete inactive computer objects created by AppStream 2.0 by using the following dsquery computer and dsrm commands. For more information, see Dsquery computer and Dsrm in the Microsoft documentation.

The dsquery command identifies inactive computer objects over a certain period of time and uses the following format. The dsquery command should also be run with the parameter -desc "AppStream 2.0*" to display only AppStream 2.0 objects.

dsquery computer "OU-distinguished-name" -desc "AppStream 2.0*" -inactive number-of-weeks-since-last-login

For example, the following command displays all computer objects in the OU=ExampleOU,DC=EXAMPLECO,DC=COM organizational unit that have not been logged into within the past two weeks.

dsquery computer OU=ExampleOU,DC=EXAMPLECO,DC=COM -desc "AppStream 2.0*" -inactive 2

If any matches are found, the result is one or more object names. The dsrm command deletes the specified object and uses the following format:

dsrm objectname

Where objectname is the full object name from the output of the dsquery command. For example, if the dsquery command above results in a computer object named "ExampleComputer", the dsrm command to delete it would be as follows:

dsrm "CN=ExampleComputer,OU=ExampleOU,DC=EXAMPLECO,DC=COM"

You can chain these commands together by using the pipe (|) operator. For example, to delete all AppStream 2.0 computer objects, prompting for confirmation for each, use the following format. Add the -noprompt parameter to dsrm to disable confirmation.

dsquery computer OU-distinguished-name -desc "AppStream 2.0*" –inactive number-of-weeks-since-last-log-in | dsrm