Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Purging old computer accounts in AD

Status
Not open for further replies.
rcn66

rcn66

IS-IT--Management
Joined
Nov 10, 2004
Messages
14
Location
US
Is there a way within Active Directory to purge old computer accounts?

We've upgraded our network to W2K3 several months ago and have many, many machines being reported in AD that are no longer on the network or have been renamed. It would be nearly impossible for me to manually delete these records.

Thank you in advance for any help.
 
Sort by date Sort by votes
dsquery, dsmod can bascially help you to remove a computer account.

but it cannot pick up the computer account which haven't used for a period of time.

i guess you need to script the computer logon attribute to remove it.

---------------------------------------
Sr. Directory Services/Exchange Consultant
 
Upvote 0 Downvote
You can buy AD Janitor, which will identify old computer accounts.

Or you can use the free method that I use...

1) Copy the code below to a file called GetOldInt8.vbs
2) Run VBScript:
cscript GetOldInt8.vbs 120
3) Take resulting Integer8 date and put it into a custom LDAP query:
(&(objectClass=computer)(pwdLastSet<=[blue]Integer8 Number[/blue]))

4) In ADUC, Create a New Query in Saved Queries.
5) Click on the Define Query Button.
6) Select custom query from the combo box, then select the Advanced tab.
7) Insert the LDAP query in the Box. Click OK 2x.

At this point you will get a list of all computers that have not changed their passwords in 120 days. Disable the computer accounts and place them in a temporary OU for at least 30 days to make sure that no one is using the system.

Code: 
' GetOldInt8.vbs
'
' VBScript that will take a positive integer and subtract that number
' of days from the current day and time, then convert that date to 
' an Integer8 value.  This script was created specifically to assist
' in LDAP lookups of stale accounts, because the pwdLastChanged attribute
' is stored in AD as an Integer8 value.
'
' Changes: Added variables "TodaysDate" and "NumDays".  Modified help
' to show new syntax.  Added code segment to acquire today's date And
' time and subtract n days from it.  Pass date piece to the rest of
' the script.
' ----------------------------------------------------------------------
' Notes from original code version by Richard L. Mueller
' ----------------------------------------------------------------------
' DateToInteger8.vbs
' Copyright (c) 2004 Richard L. Mueller
' Hilltop Lab web site - [URL unfurl="true"]http://www.rlmueller.net[/URL]
' Version 1.0 - June 11, 2004
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.
'
'
' VBScript program demonstrating how to convert a datetime value to
' the corresponding Integer8 (64-bit) value. The Integer8 value is the
' number of 100-nanosecond intervals since 12:00 AM January 1, 1601,
' in Coordinated Universal Time (UTC). The conversion is only accurate
' to the nearest second, so the Integer8 value will always end in at
' least 7 zeros.

Option Explicit

Dim dtmDateValue, dtmAdjusted, lngSeconds, str64Bit
Dim objShell, lngBiasKey, lngBias, k, TodaysDate
Dim NumDays

If Wscript.Arguments.Count <> 1 Then
  Wscript.Echo "Required argument <DateTime> missing"
  Wscript.Echo "For example:"
  Wscript.Echo ""
  Wscript.Echo "cscript DateToInteger8.vbs ""2/5/2004 4:58:58 PM"""
  Wscript.Echo ""
  Wscript.Echo "If the date/time value has spaces, enclose in quotes"
  Wscript.Quit
End If

NumDays = WScript.Arguments(0)
NumDays = 0 - NumDays
TodaysDate = CDate(Now())
dtmDateValue = DateAdd("d", NumDays, TodaysDate)
WScript.Echo dtmDateValue

'dtmDateValue = CDate(Wscript.Arguments(0))

' Obtain local Time Zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
  & "TimeZoneInformation\ActiveTimeBias")
If UCase(TypeName(lngBiasKey)) = "LONG" Then
  lngBias = lngBiasKey
ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
  lngBias = 0
  For k = 0 To UBound(lngBiasKey)
    lngBias = lngBias + (lngBiasKey(k) * 256^k)
  Next
End If

' Convert datetime value to UTC.
dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)

' Find number of seconds since 1/1/1601.
lngSeconds = DateDiff("s", #1/1/1601#, dtmAdjusted)

' Convert the number of seconds to a string
' and convert to 100-nanosecond intervals.
str64Bit = CStr(lngSeconds) & "0000000"
Wscript.Echo str64Bit

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
1K
suncit
suncit
DrB0b
  • Locked
  • Question Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
1K
DrB0b
DrB0b
ravalos
  • Locked
  • Question Question
Problem with PDFs in IIS
Replies
1
Views
2K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question Question
Hybrid on prem AD with Azure AD
Replies
2
Views
607
DrB0b
DrB0b
Aquiles Vidal
  • Locked
  • Question Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
911
Aquiles Vidal
Aquiles Vidal

Part and Inventory Search

Sponsor

Back
Top