Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am looking for a script or program i can run that will tell me when
the last time a computer has logged into the domain. Not user objects
but computer object. we have alot of old computer names in out active
directory that are no l onger in use and i would like to clear them
out.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Activ [...] 51363.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1746888

Archived from groups: microsoft.public.win2000.active_directory (More info?)

My advice would be to check the last time this computer account's password
was changed. Computers update their account passwords on a regular basis,
and account with a password outdated more than 30 days is most likely a dead
account.

--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services


"bolbort" <UseLinkToEmail@WindowsForumz.com> wrote in message
news:3_1746888_5da101d12b583f0452008c105fa31d1e@windowsforumz.com...
>I am looking for a script or program i can run that will tell me when
> the last time a computer has logged into the domain. Not user objects
> but computer object. we have alot of old computer names in out active
> directory that are no l onger in use and i would like to clear them
> out.
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
> request
> Articles individually checked for conformance to usenet standards
> Topic URL:
> http://www.windowsforumz.com/Activ [...] 51363.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
> http://www.windowsforumz.com/eform.php?p=1746888

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

Check out Joe Richard's utility to manage old computer accounts:

http://www.joeware.net/win/fre­e/tools/oldcmp.htm

By default the system resets computer passwords every 30 days. If pwdLastSet
corresponds to a date 50 days in the past, then the computer has not been
connected to the domain in at least 20 days. The lastLogin attribute is more
difficult to deal with because it is not replicated. Any program to retrieve
the lastLogon for computers will have to query every Domain Controller in
the domain to be certain of finding the largest (latest) value.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--
"Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
news:%23LI86wNfFHA.2156@TK2MSFTNGP14.phx.gbl...
> My advice would be to check the last time this computer account's password
> was changed. Computers update their account passwords on a regular basis,
> and account with a password outdated more than 30 days is most likely a
dead
> account.
>
> --
> Dmitry Korolyov [d__k@removethispart.mail.ru]
> MVP: Windows Server - Directory Services
>
>
> "bolbort" <UseLinkToEmail@WindowsForumz.com> wrote in message
> news:3_1746888_5da101d12b583f0452008c105fa31d1e@windowsforumz.com...
> >I am looking for a script or program i can run that will tell me when
> > the last time a computer has logged into the domain. Not user objects
> > but computer object. we have alot of old computer names in out active
> > directory that are no l onger in use and i would like to clear them
> > out.
> >
> > --
> > Posted using the http://www.windowsforumz.com interface, at author's
> > request
> > Articles individually checked for conformance to usenet standards
> > Topic URL:
> >
http://www.windowsforumz.com/Activ [...] 51363.html
> > Visit Topic URL to contact author (reg. req'd). Report abuse:
> > http://www.windowsforumz.com/eform.php?p=1746888
>
>

Archived from groups: microsoft.public.win2000.active_directory (More info?)

try this script.
you can change the "C:\Domain_computers\DCList.txt" to what ever you want-
it must hold your DC's names

The InacativePC's.txt is what the script will generate.
The Call.Object.....Delete is commented out, if you want it to automatically
deleted the machines just un comment.
The intAccountAge can be 30, 60 , 90, 120 etc....

Const ForReading = 1
Const ForWriting = 2
Dim objFSO, objCompFile, objDCFile, objDomain, objComp, objNTComp
Dim strCompFile, strDCFile
Dim strDomain, strDCList
Dim intSecInADay, intAccountAge

strCompFile = "C:\Domain_computers\InactivePCs.txt"
strDCFile = "C:\Domain_computers\DCList.txt"
strDomain = "domain"

Set objFSO = CreateObject("Scripting.FileSystemObject" )
Set objCompFile = objFSO.OpenTextFile(strCompFile, ForWriting, TRUE)
Set objDCFile = objFSO.OpenTextFile(strDCFile, ForReading)
Set objDomain = GetObject("WinNT://" & strDomain)
objDomain.Filter = Array("Computer" )
strDCList = objDCFile.ReadAll()
intSecInADay = 60 * 60 * 24
intAccountAge = 90

For Each objComp In objDomain
Set objNTComp = GetObject("WinNT://" & strDomain & "/" & objComp.Name &
"$" )
If (objNTComp.PasswordAge > intSecInADay * intAccountAge) Then
If InStr(1, strDCList, objComp.Name, vbTextCompare) = 0 Then
'Call objDomain.Delete("Computer", objComp.Name)
objCompFile.Writeline objNTComp.Name & "-- computer account has
been deleted"
End If
End If
Next

--
aaron
A+,NET+,MCSE 2K/2K3,CNA,CCNA



"Richard Mueller [MVP]" <rlmueller-NOSPAM@ameritech.NOSPAM.net> wrote in
message news:%237sovZSfFHA.484@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> Check out Joe Richard's utility to manage old computer accounts:
>
> http://www.joeware.net/win/fre­e/tools/oldcmp.htm
>
> By default the system resets computer passwords every 30 days. If
> pwdLastSet
> corresponds to a date 50 days in the past, then the computer has not been
> connected to the domain in at least 20 days. The lastLogin attribute is
> more
> difficult to deal with because it is not replicated. Any program to
> retrieve
> the lastLogon for computers will have to query every Domain Controller in
> the domain to be certain of finding the largest (latest) value.
>
> --
> Richard
> Microsoft MVP Scripting and ADSI
> Hilltop Lab web site - http://www.rlmueller.net
> --
> "Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
> news:%23LI86wNfFHA.2156@TK2MSFTNGP14.phx.gbl...
>> My advice would be to check the last time this computer account's
>> password
>> was changed. Computers update their account passwords on a regular basis,
>> and account with a password outdated more than 30 days is most likely a
> dead
>> account.
>>
>> --
>> Dmitry Korolyov [d__k@removethispart.mail.ru]
>> MVP: Windows Server - Directory Services
>>
>>
>> "bolbort" <UseLinkToEmail@WindowsForumz.com> wrote in message
>> news:3_1746888_5da101d12b583f0452008c105fa31d1e@windowsforumz.com...
>> >I am looking for a script or program i can run that will tell me when
>> > the last time a computer has logged into the domain. Not user objects
>> > but computer object. we have alot of old computer names in out active
>> > directory that are no l onger in use and i would like to clear them
>> > out.
>> >
>> > --
>> > Posted using the http://www.windowsforumz.com interface, at author's
>> > request
>> > Articles individually checked for conformance to usenet standards
>> > Topic URL:
>> >
> http://www.windowsforumz.com/Activ [...] 51363.html
>> > Visit Topic URL to contact author (reg. req'd). Report abuse:
>> > http://www.windowsforumz.com/eform.php?p=1746888
>>
>>
>
>