We're currently building and refining our Knowledge Center. You may encounter layout issues, styling inconsistencies, or minor technical quirks as we finalize the platform.

How to scan disabled Active Directory users and computers

Updated
  • Updated on Mar 24, 2026
  • Published on Feb 18, 2026
  • 2 minute(s) read
  • SG
  • NB
 Prev Next

Disabled AD user and computer scanning is a feature introduced in Lansweeper 7.2. You will need to update your installation if you are running a lower Lansweeper version.

From version 7.2 onward, each Lansweeper scanning server can be configured to scan Active Directory users and computers that have been disabled in AD. In prior Lansweeper versions, AD objects were ignored during scanning if they were disabled.

This article explains how to enable scanning of disabled AD users and computers and how to view the results.

Enable scanning of disabled Active Directory users and/or computers

  1. Go to Scanning > Scanning Targets > On-Premises Active Directory Scanning Options.
  2. In the Scanning Scope section, enable one or more of the options below, depending on whether what you want to scan.
  • Scan LastLogon attribute of users in on‑premises Active Directory
    Enabling this option retrieves each user’s LastLogon attribute.
    Note: this may impact performance because scanning users can take longer.
  • Refresh on‑premises Active Directory computer details (OU, Description, …)
    When enabled, Lansweeper refreshes computer details discovered during Active Directory scans.
    This update occurs during the data clean‑up schedule.
  • Refresh on‑premises Active Directory user details (Department, Telephone, …)
    When enabled, user details discovered during Active Directory scans are refreshed.
    This update also runs during the data clean‑up schedule.
  • Ignore non‑Windows assets for computer path scans
    During a computer path scan, discovered assets are normally scanned to gather additional information.
    If enabled, non‑Windows assets will be ignored and not scanned further, which may result in limited data for those assets.
  • Scan full list of user security groups
    When enabled, all security groups associated with users in Active Directory are scanned and linked to those users.
  1. If the AD options above are greyed out, scroll down and make sure the "remove computers disabled..." and "remove users disabled..." options are unchecked.

Scan disabled Active Directory users and/or computers

  1. Go to Scanning > Scanning Targets and add the below scanning targets.

These targets connect directly to Active Directory to retrieve the user and computer objects.

  • For computers, the scan type will be an Active Directory Computer Path. More information on this target type and how to set it up can be found in this article.
  • For users, the scan type will be an Active Directory User Path. More information on this target type and how to set it up can be found in this article.
  1. Afterward, click Scan Now next to these targets to scan them.

View the scanning results

  1. Go to the Reports menu and search for "enabled/disabled". There are two reports that list AD computers and users and whether they're enabled or disabled.
    • Individual computer and user webpages also show the object's Active Directory status.
    • Disabled Active Directory computers are very likely to have a scanning error. Their Active Directory status will prevent them from being logged onto the network and will therefore prevent them from being scanned directly.
Related articles

Contact

Copyright © 2026 Lansweeper

Trust Center

Privacy Policy

Cookie declaration

Terms of Service

Reselling Terms