Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Removing old active directory computers

Status
Not open for further replies.
Red04GT

Red04GT

IS-IT--Management
May 3, 2006
7
0
0
US
I need to find the most effecient way to look up remove the old non existant computer names from our active directory.

Over the years people have come and gone and of course the computer names on the domain have changed as well. Oh wait lets not forget 50 replacement computers when my office got demolished from one of the hurricanes a few years back. Well.... I am looking at roughly 450 objects in the directory when there is in fact only 200 or so machines company wide.

Anyone have any ideas to make my life easier?

There has to be a way to run a script to say ummm.... search for computers on the domain which have been logged into with in the past week, then remove the remaining unaccounted for computer names.



Let me know if you have any ideas
 
Sort by date Sort by votes
You can do it with a simple VBScript. Below is an example:




On Error Resume Next

Set objOU = GetObject("LDAP://OU=ComputersOU,dc=domain,dc=org")
objOU.Filter = Array("Computer")

For Each objComputer in objOU
Set objPC = GetObject(objComputer.ADsPath)
Set objLastLogon = objPC.Get("lastLogonTimestamp")

intLastLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart
intLastLogonTime = intLastLogonTime / (60 * 10000000)
intLastLogonTime = intLastLogonTime / 1440

StrTime = intLastLogonTime + #1/1/1601#

dtmEndingDate = strTime
intDays = DateDiff("d" , dtmEndingDate, now)

If (intDays > 60) and (intDays < 90) Then
WScript.Echo objComputer.CN & " " & strTime & " " & Intdays
objPC.AccountDisabled = True
objPC.SetInfo
ElseIf intDays > 90 Then
WScript.Echo objComputer.CN & " " & strTime & " " & Intdays & "90"
objPC.DeleteObject(0)
End If
Next




The above script will check for the computer accounts not used for more than 60 days and disables them. Computer accounts will be deleted if not used for more than 90 days.

BE SURE TO TEST THE SCRIPT BEFORE YOU RUN IT IN THE PRODUCTION ENVIRONMENT!!!

Copy the above code to notepad and save it with .vbs extension instead of .txt

Post back if you want more help on this.

-Keshav
 
Upvote 0 Downvote
Thanks for the script! I will definately be saving this for future use if necessary.

I ended up finding this little app called oldCMP which did the trick for me. I appreciate your response
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
54
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
136
goombawaho
goombawaho
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
77
StevenFromSouth
StevenFromSouth
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
40
geneg28
geneg28
axilleas
  • Locked
  • Question
Windows 2012 R2 Active directory problem after applying GPO
Replies
7
Views
82
technome
technome

Part and Inventory Search

Sponsor

Back
Top