Purging old computer accounts in AD

[rcn66]

Is there a way within Active Directory to purge old computer accounts?

We've upgraded our network to W2K3 several months ago and have many, many machines being reported in AD that are no longer on the network or have been renamed. It would be nearly impossible for me to manually delete these records.

Thank you in advance for any help.

 

[adcfaq]

dsquery, dsmod can bascially help you to remove a computer account.

but it cannot pick up the computer account which haven't used for a period of time.

i guess you need to script the computer logon attribute to remove it.

---------------------------------------
Sr. Directory Services/Exchange Consultant

http://adcfaq.8m.com/

 

[markdmac]

http://www.windowsitpro.com/Article/ArticleID/43879/43879.html?Ad=1

I hope you find this post helpful.

Regards,

Mark

 

[PScottC]

You can buy AD Janitor, which will identify old computer accounts.

Or you can use the free method that I use...

1) Copy the code below to a file called GetOldInt8.vbs
2) Run VBScript:
cscript GetOldInt8.vbs 120
3) Take resulting Integer8 date and put it into a custom LDAP query:
(&(objectClass=computer)(pwdLastSet<=[blue]Integer8 Number[/blue]))

4) In ADUC, Create a New Query in Saved Queries.
5) Click on the Define Query Button.
6) Select custom query from the combo box, then select the Advanced tab.
7) Insert the LDAP query in the Box. Click OK 2x.

At this point you will get a list of all computers that have not changed their passwords in 120 days. Disable the computer accounts and place them in a temporary OU for at least 30 days to make sure that no one is using the system.

' GetOldInt8.vbs
'
' VBScript that will take a positive integer and subtract that number
' of days from the current day and time, then convert that date to 
' an Integer8 value.  This script was created specifically to assist
' in LDAP lookups of stale accounts, because the pwdLastChanged attribute
' is stored in AD as an Integer8 value.
'
' Changes: Added variables "TodaysDate" and "NumDays".  Modified help
' to show new syntax.  Added code segment to acquire today's date And
' time and subtract n days from it.  Pass date piece to the rest of
' the script.
' ----------------------------------------------------------------------
' Notes from original code version by Richard L. Mueller
' ----------------------------------------------------------------------
' DateToInteger8.vbs
' Copyright (c) 2004 Richard L. Mueller
' Hilltop Lab web site - [URL unfurl="true"]http://www.rlmueller.net[/URL]
' Version 1.0 - June 11, 2004
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.
'
'
' VBScript program demonstrating how to convert a datetime value to
' the corresponding Integer8 (64-bit) value. The Integer8 value is the
' number of 100-nanosecond intervals since 12:00 AM January 1, 1601,
' in Coordinated Universal Time (UTC). The conversion is only accurate
' to the nearest second, so the Integer8 value will always end in at
' least 7 zeros.

Option Explicit

Dim dtmDateValue, dtmAdjusted, lngSeconds, str64Bit
Dim objShell, lngBiasKey, lngBias, k, TodaysDate
Dim NumDays

If Wscript.Arguments.Count <> 1 Then
  Wscript.Echo "Required argument <DateTime> missing"
  Wscript.Echo "For example:"
  Wscript.Echo ""
  Wscript.Echo "cscript DateToInteger8.vbs ""2/5/2004 4:58:58 PM"""
  Wscript.Echo ""
  Wscript.Echo "If the date/time value has spaces, enclose in quotes"
  Wscript.Quit
End If

NumDays = WScript.Arguments(0)
NumDays = 0 - NumDays
TodaysDate = CDate(Now())
dtmDateValue = DateAdd("d", NumDays, TodaysDate)
WScript.Echo dtmDateValue

'dtmDateValue = CDate(Wscript.Arguments(0))

' Obtain local Time Zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
  & "TimeZoneInformation\ActiveTimeBias")
If UCase(TypeName(lngBiasKey)) = "LONG" Then
  lngBias = lngBiasKey
ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
  lngBias = 0
  For k = 0 To UBound(lngBiasKey)
    lngBias = lngBias + (lngBiasKey(k) * 256^k)
  Next
End If

' Convert datetime value to UTC.
dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)

' Find number of seconds since 1/1/1601.
lngSeconds = DateDiff("s", #1/1/1601#, dtmAdjusted)

' Convert the number of seconds to a string
' and convert to 100-nanosecond intervals.
str64Bit = CStr(lngSeconds) & "0000000"
Wscript.Echo str64Bit

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers